csce727-lect6 - Insider Threat Insider Reading List Denning...

Insider Threat

CSCE 727 - Farkas

Reading List
- Denning Chapters 6
- The National Infrastructure Advisory Council’s Final Report and Recommendation on the Insider Threat to Critical Infrastructures, http://www.dhs.gov/xlibrary/assets/niac/niac_insider_threat_to_critical_infrastructures_st
- CERT, Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector, www.cert.org/archive/pdf/insiderthreat_it2008.pdf
Recommended
- A review of FBI Security Programs, http://www.usdoj.gov/05publications/websterreport.pdf (Intro, conclusion)
- Insider threat to security may be harder to detect, experts say, http://www.computerworld.com/securitytopics/security/story/0,10801,70112,00.html

Analyzing the Insider Threat
- Defining the insider threat (physical and cyber)
- Analyzing scope, dynamics, and effect of globalization
- Obstacles and challenges to address the threat

Why is it Challenging to Address the Insider Threat?
- Trusted employee
- Security breaches often undetected
- Lack of reported data (organizations handle the events discreetly)
- Difficulties in understanding the causes and implications of the threat
- How to apply the Method, Opportunity, Motivation (MOM) approach? Give examples of consequences.

Insider Threat
“… one or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products, or facilities with the intent to cause harm.”
NIAC’s final report and recommendations of the Insider Threat to Critical Infrastructures, 2008

Access
- To the systems, facilities, or information
- Additional “insiders”
  - Unescorted vendors
  - Consultants
  - Contractors
- Trust

Technical Aspect
- CERT/SEI and US Secret Service study: Technical aspects:
  - Most insiders had authorized access at the time of malicious activities
  - Access control gaps facilitated most of the insider incidents
  - Most insiders modified or deleted information using only user commands
  - Some used technical means for compromising accounts

Access Control Issues
- Access exceeded what was needed to do the job
- Access was obtained following termination or changes in position
- The insider was able to use another employee's account or computer
- Technical control was insufficient
- Insider could circumvent technical control

Trust
- Procedures to support trust management
  - Establish appropriate level of trust at employment
  - Monitor compliance over time
  - Revoke access
- Mission critical positions
- What are the technical capabilities to support trust management?
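
Added example (not part of the lecture slides): one technical capability for "monitor compliance over time" and "revoke access" is a periodic access review that checks accounts against HR records for the gaps listed under Access Control Issues. The data layout, role names, and finding labels below are assumptions made for illustration, and all sample records are constructed.

```python
from datetime import date

# Constructed sample data (not from the lecture): role baselines, HR roster,
# account entitlements, and login events. All names are hypothetical.
ROLE_BASELINE = {
    "payroll_clerk": {"payroll_read", "payroll_write"},
    "dba": {"db_admin", "backup_read"},
    "helpdesk": {"ticket_write", "password_reset"},
}
HR = {  # employee -> (current role, termination date or None, assigned workstation)
    "alice": ("payroll_clerk", None, "ws-01"),
    "bob": ("helpdesk", None, "ws-02"),            # changed position: dba -> helpdesk
    "carol": ("dba", date(2011, 3, 1), "ws-03"),   # terminated
}
ENTITLEMENTS = {
    "alice": {"payroll_read", "payroll_write"},
    "bob": {"ticket_write", "password_reset", "db_admin"},  # left over from old role
    "carol": {"db_admin", "backup_read"},                   # never revoked
}
LOGINS = [  # (account, workstation, day)
    ("alice", "ws-01", date(2011, 3, 2)),
    ("alice", "ws-02", date(2011, 3, 3)),   # alice's account used on bob's computer
    ("carol", "vpn", date(2011, 3, 5)),     # login after termination
]

def review_access(hr, baseline, entitlements, logins):
    """Return sorted (account, issue, detail) findings for the listed access-control gaps."""
    findings = set()
    owner_of = {ws: emp for emp, (_, _, ws) in hr.items()}
    for acct, granted in entitlements.items():
        role, terminated, _ = hr[acct]
        if terminated is not None:
            # Access retained following termination: every entitlement is a finding.
            findings.update((acct, "access_not_revoked", e) for e in granted)
        else:
            # Access exceeding what the current job needs (e.g. after a position change).
            findings.update((acct, "excess_access", e) for e in granted - baseline[role])
    for acct, ws, day in logins:
        terminated = hr[acct][1]
        if terminated is not None and day >= terminated:
            findings.add((acct, "login_after_termination", ws))
        elif owner_of.get(ws, acct) != acct:
            # Account used on a workstation assigned to a different employee.
            findings.add((acct, "used_on_other_employees_computer", ws))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_access(HR, ROLE_BASELINE, ENTITLEMENTS, LOGINS):
        print(finding)
```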

This note was uploaded on 12/13/2011 for the course CSCE 727 taught by Professor Staff during the Spring '11 term at South Carolina.
