csce824-insider

Insider Threat
CSCE 727 - Farkas

Reading List
- The National Infrastructure Advisory Council’s (NIAC) Final Report and Recommendation on the Insider Threat to Critical Infrastructures, http://www.dhs.gov/xlibrary/assets/niac/niac_insider_threat_to_crit , 2008
- CERT, Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector, www.cert.org/archive/pdf/insiderthreat_it2008.pdf , 2008

Analyzing the Insider Threat
- Defining the insider threat (physical and cyber)
- Analyzing scope, dynamics, and effect of globalization
- Obstacles and challenges to address the threat

Why is it Challenging to Address the Insider Threat?
- Trusted employee
- Security breaches often undetected
- Lack of reported data (organizations handle the events discreetly)
- Difficulty understanding the causes and implications of the threat

Insider Threat
“… one or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products, or facilities with the intent to cause harm.”
NIAC’s final report and recommendations of the Insider Threat to Critical Infrastructures, 2008

Access
- To the systems, facilities, or information
- Additional “insiders”
  - Unescorted vendors
  - Consultants
  - Contractors
- Trust

Technical Aspect
CERT/SEI and US Secret Service study:
Technical aspects:
- Most insiders had authorized access at the time of malicious activities
- Access control gaps facilitated most of the insider incidents
- Most insiders modified or deleted information using only user commands
- Some used technical means for compromising accounts

Access Control Issues
- Access exceeded what was needed to do the job
- Access was obtained following termination or changes in position
- The insider was able to use another employee's account or computer
- Technical control was insufficient
- Insider could circumvent technical control
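
Added example (not part of the original slides): a small access review that checks for the first three access control issues listed above, namely excess access, access that survives termination, and an account used on another employee's computer. All user names, roles, entitlements, workstation names and record layouts are constructed for illustration.

```python
from datetime import date

# Constructed sample data; every name and field here is hypothetical.
ROLE_BASELINE = {"dba": {"db_admin", "vpn"},
                 "helpdesk": {"ticketing", "password_reset", "vpn"}}
HR = {  # user -> (current role, termination date or None)
    "alice": ("dba", None),
    "bob": ("helpdesk", None),          # changed position: was a dba
    "carol": ("dba", date(2024, 3, 1)),  # terminated
}
ACCOUNTS = {  # user -> (enabled, entitlements)
    "alice": (True, {"db_admin", "vpn"}),
    "bob": (True, {"ticketing", "password_reset", "vpn", "db_admin"}),
    "carol": (True, {"db_admin", "vpn"}),
}
WORKSTATION_OWNER = {"ws-alice": "alice", "ws-bob": "bob", "ws-carol": "carol"}
LOGINS = [  # (day, account, workstation)
    (date(2024, 3, 4), "alice", "ws-alice"),
    (date(2024, 3, 5), "carol", "ws-carol"),
    (date(2024, 3, 6), "alice", "ws-bob"),
]

def audit(hr, accounts, baseline, logins, owners):
    """Return (finding, account, detail) tuples for the access control gaps."""
    findings = []
    for user, (enabled, ents) in sorted(accounts.items()):
        if not enabled:
            continue
        role, terminated = hr.get(user, (None, None))
        if role is None or terminated is not None:
            # Enabled account with no active employee behind it.
            detail = terminated.isoformat() if terminated else "no HR record"
            findings.append(("ORPHANED_ACCOUNT", user, detail))
            continue
        # Entitlements beyond the baseline for the user's *current* role.
        excess = ents - baseline.get(role, set())
        if excess:
            findings.append(("EXCESS_ACCESS", user, ",".join(sorted(excess))))
    for day, account, ws in logins:
        _, terminated = hr.get(account, (None, None))
        if terminated is not None and day > terminated:
            findings.append(("LOGIN_AFTER_TERMINATION", account, day.isoformat()))
        elif owners.get(ws) not in (None, account):
            # The account was used on a computer assigned to someone else.
            findings.append(("ACCOUNT_ON_OTHER_COMPUTER", account, ws))
    return findings

if __name__ == "__main__":
    for finding in audit(HR, ACCOUNTS, ROLE_BASELINE, LOGINS, WORKSTATION_OWNER):
        print(*finding)
```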