Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources

Removable media, such as universal serial bus (USB) flash drives, present unique problems to the enterprise since insiders can use such media to remove proprietary information from company systems. Insiders may do this for legitimate reasons, such as to work on material at home, or they may do so for malicious reasons, such as to steal intellectual property.
Organizations must establish and implement effective methods and processes to prevent unauthorized use of removable media while still allowing users with a genuine business need to access and remove such media. In addition, organizations should establish sound methods to track critical electronic assets so that they may better protect them.
This report focuses on the theft of intellectual property using removable media, in particular, USB devices. We present methods to control removable media devices in a Microsoft Windows environment using Group Policy within an Active Directory environment. We also explore OpenDLP, an open source tool for identifying where sensitive data resides on organizational systems.
Published by: Software Engineering Institute Publications on Jan 16, 2013
Copyright: Attribution Non-commercial

Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources
George J. Silowash
Christopher King
January 2013
TECHNICAL NOTE
CMU/SEI-2013-TN-002
CERT® Program
 
 
SEI markings v3.2 / 30 August 2011
Copyright 2012 Carnegie Mellon University

This material is based upon work funded and supported by Department of Homeland Security under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States Department of Defense.

Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of Department of Homeland Security or the United States Department of Defense.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This material has been approved for public release and unlimited distribution except as restricted below.

Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works.

External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.

* These restrictions do not apply to U.S. government entities.

Carnegie Mellon® and CERT® are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.

DM-0000083
 
 
 
 
Table of Contents

Acknowledgments
Abstract
1 Introduction
1.1 Audience and Structure of this Report
2 Mitigating Insider Threat: Tools and Techniques
2.1 The CERT Insider Threat Database
2.2 The Windows Registry
2.3 Controlling USB Devices
2.4 Auditing USB Device Usage
2.4.1 Create an Auditing Policy
3 Identifying Sensitive Data
3.1 OpenDLP
3.1.1 Requirements
3.1.2 Background
3.1.3 OpenDLP and Regular Expressions
3.1.4 Create a Scan Profile
3.1.5 Create a Scan Profile
3.1.6 Start a Scan
3.1.7 View the Scan Results
4 Correlating Audit Events Across Tools, Machines, and Users
5 Conclusion
6 References
 
