15
thoughts on this insider threat case?
(lemmus.org)
quick case study for the cybersec folks here. got this real story in my dpo class & wanted ur thoughts.
IT guy at a bank, last day of his notice period. a trainee saw him puttin some CD-ROMs in his bag & told security. they checked him at the exit and found a full export of the bank's top clients on the discs. guy got fired for gross misconduct & a police complaint was filed.
any red flags or stuff that stands out to u technicaly or otherwise ? i have my own ideas on this cas but curious what u guys think first?
thx ๐
Technically speaking, what kind of logs does burning a CD actually leave on a hardened Win/Linux workstation compared to a USB mount? If the DLP is only looking for 'Mass Storage Devices', does the burning process even trigger a file-copy event in the logs?
The process that's being executed to run the burner would be a clue, based on my experiences (limited) and knowledge (also limited). For windows, if the outright windows burner was used then there'd be system logs for that. If another program were used, well, that begs more IT security questions about permissions.
I have whole months of experience using Linux, so, no idea there.