This story on a former Boeing employee drives home the challenges and complexities related to properly safeguarding information.  I am not going to get into the merits of the case, but think the story here is indicative of the complexities of trying to solve the problem of a determined insider.

What strikes me about this is that Mr. Eastman obtained over the course of two years more than 320k pages of documents with many labeled as sensitive or confidential.  How’d he do it?  Email, FTP, web site upload?  Nope – thumb drive.  How’d he get access?  In his role, he had wide ranging access or "unfettered access" as the charges describe.  How’d this come to light?  Via an email (of course) received by Boeing entitled "Leaks to the Seattle Times."

Drives home the points on my post about access to information and how that must be part of a broader information security plan.  Even if in his quality control position he needed broad system access, the sheer volume of file access and subsequent download activity pointed to an anomaly in need of further examination.