ABSTRACT
The original phrase "Trust but verify" was made famous by Ronald Reagan in December 1987 after the signing of a treaty with Mikhail Gorbachev. In management training classes, the author has been told that blind trust is not a sane strategy to employ across all decisions in a low trust world. A "trusted" insider can do more damage than any external hacker. Probably the one breach that sticks in our mind of late is Home Depot. This is a classic example of why it is so important to manage any third-party relationships, particularly those with access rights to core company systems. If goal is to develop the strongest possible computer security for company, "trust no one" is the strongest policy. Investigators found that the criminals used a third-party vendor's user name and password to enter the Home Depot's network. Companies need to get tougher regarding third-party controls and be willing to pay a little more for better security.
