The Accidental Insider Threat: Is Your Organization Prepared?

Dr. Shawn P. Murray, C|CISO, CISSP, CRISC, FITSP-A

National Security Institute – IMPACT 2013 Conference
Insider Threat – EO-13587
The October 2011 Presidential Executive Order 13587, titled “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information”, mandates that every agency and federal government systems integrator implement an insider threat detection and prevention program by the end of 2013.

This was further reinforced by a presidential memorandum in November 2012 directing federal agencies to deploy monitoring systems that meet prescribed standards. “One way to increase the chance of catching a malicious employee is to examine relevant information regarding suspicious or anomalous behavior of those whose jobs cause them to access classified information,” a White House spokeswoman commented. Given this new government-wide mandate, it is paramount that government agencies take insider threats seriously.
Source: http://www.cataphora.com/markets/government/
Insider Threat
Who is the Malicious Insider Threat?
- Disgruntled employees
  - Passed over for raise or promotion
  - Poor work or home environment
- Former disgruntled employees
  - Fired from the company, hold animosity toward the company or personnel
- Behavior addictions
  - Drugs
  - Gambling
- Collusion – two or more employees acting together
- Social engineers – use tactics to gain access to resources they don’t have access to or need. Can steal other users’ creds…
Insider Threat
Objectives of the Malicious Insider Threat:
- Target individuals that did them wrong
- Introduction of viruses, worms, trojans or other malware
- Theft of information or corporate secrets
- Theft of money
- The corruption or deletion of data
- The altering of data to produce inconvenience or false criminal evidence
- Theft of the identities of specific individuals in the enterprise
Insider Threat
Elements leading up to a Malicious Insider attack:

www.cert.org
Insider Threat
For the Malicious Insider Threat, we need to be able to:
- Detect malicious insider activity
- Attribute activity to users
- Provide NETOPS tools to track down anomalies
- Allow Security Operations to foresee events through continuous monitoring
- Execute an effective incident response capability
- Improve Mission Assurance
- Determine new ways to combat cyber threats
Insider Threat
Who is an Accidental Insider Threat?
- All employees – exhibit bad habits
  - Passwords left on screens, under keyboards
  - Tailgating into restricted areas, loss of accountability
  - Using their computers to surf the web or communicate personal e-mail
  - Bringing personal computing devices to work (laptops, PDAs, Smart Phones & Tablets)
  - Failing to follow OPSEC
  - Social Engineering – Phone calls from imposters, Phishing Emails, etc.
- IT Personnel – create vulnerabilities by:
  - Having group accounts
  - Separation of duties
  - Creating scripts or back doors for convenience
  - Not changing default passwords
- Security Personnel – exhibit bad habits
  - Deviate from security practices they are required to enforce
- Executive Management
Insider Threat
To Reduce the Risk for the Accidental Insider Threat, we need to be able to:
- Provide sound policies that articulate specific behavior expectations in Acceptable Use Policies
- Educate and train all personnel on exhibiting good habits
- Set the example: Management and Security personnel alike
- Provide constant awareness
- Institute a mechanism to report suspicious behavior
- Audit or assess your program!
Insider Threat - Policies
Reduce the Risk for the Accidental Insider Threat:
Provide sound policies that articulate specific behavior expectations
- Good policies have the following elements
  - Introduction – State the purpose of the policy (Acceptable Use)
  - Scope – Who does the policy apply to? (Everyone, IT personnel, GSU)
  - Details – Here is where you state the specific elements of the policy.
  - Accountability Statement – This is where you articulate who will be responsible for implementing the policy (Managers/Supervisors) and the ramifications for not adhering to the policy: “Deviations from this policy will be handled promptly and may include disciplinary action up to and including termination”.
  - Policy Owner – The final section articulates the policy owner, date and version of the policy.
- Policies should be coordinated with all stakeholders
  - Human Resources
  - Legal Department
  - Security Personnel
  - Management
- Policies should be specific and enforceable
- Policies should be updated periodically
- Employees should acknowledge policies with a signature and date
Insider Threat - Training
Reduce the Risk for the Accidental Insider Threat:
Educate and train all personnel on exhibiting good habits & behavior
- Computer based – Internal/External (DSS/DISA, Others)
- Develop in-house programs
- External training & Conferences
- Provide periodically (monthly, biannually, annually)
- Gear training to the audience
  - All personnel
  - IT Personnel
  - Security Personnel
- Assess the training material for currency and effectiveness
  - Update
  - Provide Examples (real world events or case studies)
Insider Threat - Awareness
Reduce the Risk for the Accidental Insider Threat:
Provide constant awareness
- Reward incentives
- Periodic e-mails
- Posters – common areas
  - Break rooms
  - Rest rooms
  - Specific work areas
  - Hallways
Insider Threat - Audit
Reduce the Risk for the Accidental Insider Threat:
Audit or assess your program!
- Periodic
- Have an external audit (DSS/another facility’s FSO)
- Correct deficiencies & if necessary realign resources
- If you don’t have one, establish a budget and justify requirements
Insider Threat
For the Accidental Insider Threat, we need to be able to:
- Detect malicious insider activity
- Attribute activity to users
- Provide NETOPS tools to track down anomalies
- Allow Security Operations to foresee events through continuous monitoring
- Execute an effective incident response capability
- Improve Mission Assurance
- Determine new ways to combat cyber threats
For IT Managers & IT Security Professionals
- Least Privilege
- Segregation of Duties
- Defense in Depth
- Technical Controls
- Preventive Controls
- Detective Controls
- Corrective Controls
- Deterrent Controls
- Risk-Control Adequacy
- Use Choke Points
Additional Resources
The Accidental Insider Threat: Is Your Organization Ready?
- This panel of industry experts explored the threats posed by “accidental insiders” – individuals who are not maliciously trying to cause harm, but can unknowingly present a major risk to an organization and its infrastructure.
- Aired on Federal News Radio October 2, 2012 at 12:00 PM ET
  - Raynor Dahlquist, Booz Allen Hamilton, Panel Moderator
  - Tom Kellermann, Trend Micro
  - Angela McKay, Microsoft
  - Michael C. Theis, CERT Insider Threat Center
http://www.federalnewsradio.com/262/3054242/The-Accidental-Insider-Threat-Is-Your-Organization-Ready
Additional Resources
Advanced Persistent Threat (APT) and Insider Threat
http://cyber-defense.sans.org/blog/2012/10/23/advanced-persistent-threat-apt-and-insider-threat

Insiders and Insider Threats - An Overview of Definitions and
Mitigation Techniques
http://isyou.info/jowua/papers/jowua-v2n1-1.pdf

The Accidental Insider Threat – A White Paper
Dr. Shawn P. Murray, Jones International University – (Available on the NSI Website)
Questions?
