Wed, 2009-05-06 01:57
Once upon a time, a CSO wanted to deploy a honey pot to catch 'bad guys' accessing corporate financials. Of course, the corporate financial system is located behind firewalls, with access based upon roles and transactions logged for activity and anomalies. The CSO wanted to deploy this honey pot internally so it looked like the corporate financial system. With holes in the perimeter large enough to drive a truck through and existing technologies only partially deployed, it seemed a bit asinine to put a honey pot anywhere in the environment, much less internally, to catch the unseen bad guys. I could think of dozens of other risk-related strategies on which to spend the financial and human resources needed to deploy and maintain the honey pot that would actually improve the corporate security posture. Besides, there was no evidence anywhere of any issue at any time related to such goblin-like activity. Usually you have some evidence beforehand and would try to use a risk-based approach to technology deployments, instead of some White Rabbit nightmare looking like Columbo that drives you to the internal honey pot epiphany. So why would anyone think that the financials were being inappropriately accessed, either by hackers or by internal ghosts in the network? I can only assume a good dose of paranoia puréed with a Napoleonic complex, sprinkled with feelings of inadequacy, stirred with a dash of Mighty Mouse (Here I come to save the day…) and a sprig of Bill the Cat was behind the thought patterns here (kinda scary, ain't it).
I think the CSO could have run several different reports that provided access activity logs and entitlement review reports, or some open source tool to sniff for odd activities. In fact, SOX requires such reporting, based at least upon the last 12 months, demonstrating no out-of-the-ordinary activity. These same reports must be used quarterly as part of the SOX entitlement review process and validated by both internal audit and an external auditing group. This was simply a person believing there was a need to deploy new technology when the technology already existed and processes and procedures corresponding to proven controls were already in place. Believing that process and procedure are distasteful and a waste of time, this CSO seemed to come up with some new idea, garnered in some Ellsworth Toohey fashion, that required technology deployments as a measure of program and self-worth.
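As an added example that is not part of the original post: the kind of check the access activity logs and entitlement review reports already support, written as a small script. It cross-checks each log entry against a role entitlement table, flags actions a user's role does not entitle (whether the system allowed or denied them), flags users missing from the entitlement review entirely, and flags access outside business hours. The log format, the role table, the user-to-role assignments, the 07:00-19:00 business-hours window and the sample log lines are all constructed for illustration and are not from any real financial system or from the post.

```python
"""Entitlement cross-check over a constructed financial-system access log.

Added example; none of the formats or data below come from the original post.
"""
from collections import namedtuple
from datetime import datetime, time

# Constructed entitlement table: which role may perform which action.
# Assumption: this is the table a quarterly entitlement review is validated against.
ROLE_ENTITLEMENTS = {
    "ap_clerk": {"invoice.read", "invoice.create"},
    "controller": {"invoice.read", "invoice.approve", "gl.read", "gl.post"},
    "auditor": {"invoice.read", "gl.read"},
}

# Constructed user-to-role assignments (the "entitlement review report").
USER_ROLES = {
    "alice": "ap_clerk",
    "bob": "controller",
    "carol": "auditor",
}

# Assumption: normal working hours for the finance team, local time.
BUSINESS_HOURS = (time(7, 0), time(19, 0))

# Constructed log lines in a hypothetical "timestamp user action result" format.
SAMPLE_LOG = """\
2009-05-04T09:12:03 alice invoice.create OK
2009-05-04T10:47:19 bob invoice.approve OK
2009-05-04T11:02:55 carol gl.read OK
2009-05-04T11:05:40 alice gl.post OK
2009-05-05T02:31:08 bob gl.post OK
2009-05-05T14:20:11 dave invoice.read OK
2009-05-05T14:21:30 carol gl.post DENIED
"""

Finding = namedtuple("Finding", "line user reason")


def parse_line(line):
    """Split one constructed log line into (timestamp, user, action, result)."""
    ts, user, action, result = line.split()
    return datetime.fromisoformat(ts), user, action, result


def review_access_log(log_text, role_entitlements=ROLE_ENTITLEMENTS,
                      user_roles=USER_ROLES, business_hours=BUSINESS_HOURS):
    """Return a Finding for every log entry an entitlement review should question."""
    findings = []
    start, end = business_hours
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        if not raw.strip():
            continue
        ts, user, action, result = parse_line(raw)

        role = user_roles.get(user)
        if role is None:
            # Activity by an account the entitlement review does not know about.
            findings.append(Finding(lineno, user,
                                    "account not in entitlement review (orphaned or unknown user)"))
            continue

        if action not in role_entitlements[role]:
            if result == "OK":
                # The system let the action through although the role does not permit it:
                # either the entitlement table or the system's access control is wrong.
                findings.append(Finding(lineno, user,
                                        f"action {action} succeeded but is not entitled to role {role}"))
            else:
                # Correctly denied, but the attempt itself is worth a look.
                findings.append(Finding(lineno, user,
                                        f"denied attempt at {action} outside role {role}"))

        if not (start <= ts.time() <= end):
            findings.append(Finding(lineno, user,
                                    f"access at {ts.time()} outside business hours"))
    return findings


if __name__ == "__main__":
    for f in review_access_log(SAMPLE_LOG):
        print(f"line {f.line}: {f.user}: {f.reason}")
```

Run against the constructed sample it reports four entries: alice posting to the general ledger without the entitlement, bob's 02:31 posting, the unknown account dave, and carol's denied posting attempt. Each of those is exactly what the existing log and entitlement data would surface without a honey pot in sight.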
Whoever heard of putting in an internal honey pot when you have holes the size of trucks at the perimeter that you can drive through? And who would you catch? Most likely some of his own minions acting on his behalf to prove the theory. You may wish to get away quickly (run, Forrest, run).
Ack Thtbbft!!!
All honeypot deployments that I'm aware of are either on real DMZs or pseudo-DMZs. If someone is doing a good job on the honeypot, it should look pretty real - either pretending to be real web-facing or internal systems.
To lure a hacker to your real internal network seems unwise, especially since there are better and simpler tools to detect internal system anomalies.