Insider Misuse of Computing Resources

March, 2009


This special report, based on our survey of IT security professionals and executives worldwide, analyzes the threat of insider misuse of computing resources–that is, any violation of an organization’s policies regarding acceptable use. Examples include unauthorized file copying; downloading of software, music, or other media; P2P file-sharing; rogue remote access programs, modems, and wireless access points; misuse of business or personal email; instant messaging; blogging and posting to message boards; and personal web surfing. For each of these types of insider misuse, we present data concerning the perceived seriousness of the threat, typical organizational policies or lack thereof, frequency of violations against company policy, analysis of preventive and detective actions taken by organizations to deter the misuse, and typical levels of enforcement. (77 pp., 75 figs.)
[Extended Description]
[Executive Summary]