CISO Advice: Shooting Might Not Be The Best Option


One of the perks of being a Senior Implementation Advisor at Xpandion is hearing our customers describe their many juicy company stories. And let me tell you, there are some doozies. This most recent one is a very interesting case.

Our system caught an employee trying to download his company's full customer list, including each customer's yearly sales figures. This employee works in the warehouse, and the system identified a deviation from his normal "warehouse activity" of updating stock, issuing goods, etc. Producing customer lists belongs to the application area of Accounts Receivable (customers), and that activity obviously does not fit the warehouse user's regular application area, Logistics. The system sent off an immediate alert, the security guys went to see what was going on, and the thief was caught red-handed.
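The detection described above rests on a simple idea: learn which application areas each user normally works in, then alert when a user acts outside that baseline. The following is an added illustration of that logic, not Xpandion's product code; the event fields, the user names and the activity log are constructed for the example, and the "seen at least twice" threshold is an assumed tuning knob.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One user action in a business application (constructed schema)."""
    user: str
    area: str      # application area, e.g. "Logistics", "Accounts Receivable"
    activity: str  # human-readable description of what was done


# Constructed historical log used to learn each user's normal application areas.
BASELINE_EVENTS = [
    Event("wh_user", "Logistics", "update stock"),
    Event("wh_user", "Logistics", "issue goods"),
    Event("wh_user", "Logistics", "goods receipt"),
    Event("wh_user", "Logistics", "update stock"),
    Event("wh_user", "Human Resources", "submit timesheet"),  # one-off, below threshold
    Event("ar_clerk", "Accounts Receivable", "post incoming payment"),
    Event("ar_clerk", "Accounts Receivable", "print customer statement"),
    Event("ar_clerk", "Accounts Receivable", "list customers"),
]

# Constructed new activity to screen against the learned profiles.
NEW_EVENTS = [
    Event("wh_user", "Logistics", "update stock"),
    Event("wh_user", "Accounts Receivable", "export full customer list with yearly sales"),
    Event("ar_clerk", "Accounts Receivable", "print customer statement"),
    Event("new_hire", "Logistics", "goods receipt"),
]


def build_profiles(events, min_count=2):
    """Map each user to the set of application areas they use routinely.

    An area counts as 'normal' only if the user touched it at least
    min_count times, so a single stray action does not widen the baseline.
    """
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        counts[e.user][e.area] += 1
    return {
        user: {area for area, n in areas.items() if n >= min_count}
        for user, areas in counts.items()
    }


def detect_deviations(profiles, events):
    """Return (event, reason) pairs for actions outside a user's normal areas.

    A user with no learned profile is also flagged: there is no baseline to
    judge the action against, so a human should look at it.
    """
    alerts = []
    for e in events:
        normal = profiles.get(e.user)
        if normal is None:
            alerts.append((e, "no baseline profile for user"))
        elif e.area not in normal:
            alerts.append((e, f"activity in {e.area!r} outside normal areas {sorted(normal)}"))
    return alerts


def run_demo():
    """Learn profiles from the baseline log and screen the new events."""
    profiles = build_profiles(BASELINE_EVENTS)
    alerts = detect_deviations(profiles, NEW_EVENTS)
    for event, reason in alerts:
        print(f"ALERT {event.user}: {event.activity} -- {reason}")
    return alerts


if __name__ == "__main__":
    run_demo()
```

Run as written, the warehouse user's Logistics work passes silently, while the customer-list export in Accounts Receivable and the unknown new hire each raise an alert. A production implementation would key on transaction codes rather than free-text activity names and would refresh the baseline over a rolling window, but the shape of the check is the same.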

So then what happened? Did they report the incident to the local police or alert the tabloids? Surprisingly, the company took a totally different approach. They put the guy through their own internal judicial system and, following his admission of guilt, lowered his salary, took away some of his pension and published the story, without using his name, to the entire company.

So now you ask, why?

I asked the company's global CISO (Chief Information Security Officer) that very question. How is it that an employee, who was clearly caught in an almost criminal act, didn't face Federal law and got to keep his job?

The CISO explained to me that although such a serious act was committed, the employee was very good and the management wanted him to continue his work. Furthermore, settling a police report could take years, but this approach took exactly one week from the time of the incident, allowing the CISO to focus right away on publishing the story internally and preventing anyone else from committing future fraud. The most significant result, from the CISO's point of view, was achieved – that of instilling fear in others. "I don't have to fire anyone in order to prevent fraud," the CISO said to me, "publicly divulging that someone had been caught and lost some of his pension created the right atmosphere that would be effective long term."

Publishing the case so quickly created an effect that a police report couldn't, and at the end of the day, preventing the next fraudulent act is the main purpose of security managers. From the CISO's point of view it was the most effective response and a great closure to the situation.


From being in the field, I must admit that the impact I'm seeing at this company is amazing – this case has been the hot topic of conversation, and the possibility of further fraud has decreased. I also learned a good lesson that experienced CISOs know – you don't have to pull the trigger in order to create impact; sometimes just having a gun in your belt does the trick.

Dror Aviv joined Xpandion in 2010 as a programmer in the R&D team. Combining technical knowledge with implementation skills, Mr. Aviv serves today as a Senior Implementation Advisor, bringing with him extensive hands-on experience from the field. He works closely with customers at their sites, and is an expert in defining customer needs, translating them into business process and implementing them via ProfileTailor Dynamics’ suite of products.

