These basic procedures, when followed consistently and effectively, are cornerstones of network management and Internet usage. Yet none of this protects against the malice of a trusted insider.

What do we do about this much greater threat? One effective approach has been taken by the U.S. Internal Revenue Service: It has established an external watchdog group — drawn from the Treasury Department — to archive all transactions (telephone as well as online contacts), along with both taxpayer and IRS employee data. The immense pool of data amassed by the group is then subjected to intensive data mining and analysis using a custom-tailored artificial intelligence application to seek out and reveal anomalous patterns that may point to employee fraud.

The IRS approach assumes that clues to deceptive behavior are always present and acknowledges that it may be necessary to dig deep to find them. To be sure, theirs is an expensive solution, but few taxpayers are likely to take issue with the cost incurred to uncover dishonest IRS employees!

Organizations with less daunting exposure and more modest resources need not take such elaborate measures to detect insider crime: The basic tools for detecting it are available on a network’s system logs. However, the task is not simple. Effective monitoring of those logs requires considerable time and sufficient knowledge about the company’s business practices to differentiate the suspicious from the routine. Thus, anyone handling this task needs to know as much about the organization’s activity as about computing.

Better a Pimp

In a reply to an e-mail from a visitor to his Web site, Apple PC inventor Steve Wozniak, after describing his own experiences as a network administrator, wrote: “If my son wants to be a pimp when he grows up, that’s fine with me. I hope he’s a good one and enjoys it and doesn’t get caught. I’ll support him in this. But if he wants to be a network administrator, he’s out of the house and not part of my family.”

What Steve Wozniak knows from his own experiences and what he wanted, in part, to relate to his correspondent in a particularly memorable way is what every professional network administrator knows: Effective network administration is labor-intensive to an astounding degree.

Best Practices — Beyond the Obvious

A high level of professional staff competency in computing and use of sophisticated procedures and protection software are not enough to assure computer network security.

To a large degree, the ability of a network administration staff to make information technology secure is a function of the mix of competencies within the department and the size of the department’s staff:

• As noted, detection of insider crime requires that some of the staff possess thorough familiarity with the organization’s business practices in addition to technical credentials in computer networking and information security.
   
• As illustrated by the pimp story, network administration is time-consuming work. Consequently, leaner staffing may be counterproductive; in fact, leaner staffing may be dangerous. Tasks left undone, or postponed, because of inadequate staffing may cost hundreds of millions of dollars in losses.