
Not sure I have mentioned this, but I am an ISO27001 auditor. This standard (ISO27001) helps organisations of all sizes mitigate information security risks. So I have been using the old "Superman 3" security breach in my 27001 audits recently. If Richard Pryor's character, August "Gus" Gorman, had had his software tested for security issues, he would have been unable to embezzle $85,000 from his new employer's payroll. Then maybe we could have avoided getting Superman involved in a fight with a supercomputer! Maybe we can go further back to identify the problem: what could have been done?

So, using ISO27001, here are some controls that may have reduced this risk:

A5.1.1, A7.2.3 Policies for information security and the disciplinary process: if "Gus" had been made aware of the security policies and of the consequences of not following them, this may have been avoided.

A6.1.3 Contact with authorities: if Webster Industries had reported the event to the relevant authorities, maybe Superman would not have needed to get involved.

A7.1.1 Screening: if appropriate screening had been carried out on "Gus", it may have identified that this employee should NOT be given access to the payroll systems (or employed at all).

A9.1.2, A9.4.5 Access control: user "Gus" should not have been given access to the payroll systems, nor to the source code of those systems.

A12.4.1 Event logging: Webster Industries should have had appropriate event logs and monitoring in place to be able to demonstrate which users accessed which systems, and when.

A14.2.8 System security testing: no security testing took place during the development of the payroll system.

Ok, it's just a bit of fun, but ISO27001 really can help reduce the information security risks that may (or may not) lead to an employee stealing $85k and then going on to build a supercomputer bent on killing Superman.
