Recommended Practices for Internal Information Theft Prevention

This chapter discusses the recommended security practices garnered from renowned IS security consulting firms and the research experts. Information security strategies are practices that ensure that employees do not steal and leak sensitive/critical retail business information. The strategies include software products that can help security professionals control what information employees can process during retail operation. Although adoption of rigorous security strategies is very important, the effectiveness of strategies in preventing internal information theft depends on these practices: security of employees, implementing internal proprietary security/control, well-defined corporate policies and information security audits. The Verizon's DBIR categorised the timeline analysis of information theft incidents into three phases: pre-incident, active incident and post-incident. SANS Critical Security Controls, suggests that conventional information theft prevention based on data security certainly has its place, although the success of the prevention strategies depends mostly on how the IS security management implements them.