Welcome » IT Booklets » Information Security » Security Controls Implementation » Personnel Security
Financial institutions should mitigate the risks posed by internal users by
Application owners grant legitimate users system access necessary to perform their duties; security personnel enforce access rights in accordance with institution standards. Because of their internal access levels and intimate knowledge of financial institution processes, authorized users pose a potential threat to systems and data. Employees, contractors, or third-party employees can exploit their legitimate computer access for malicious, fraudulent, or economic reasons. Additionally, the degree of internal access granted to some users increases the risk of accidental damage or loss of information and systems. Risk exposures from internal users include