Insider Threat Attributes and Mitigation Strategies

Malicious insiders pose a threat to the confidentiality, integrity, and availability of an organization’s information. Many organizations look for hardware and software solutions that address insider threats but are unsure of what characteristics to look for in a product. This technical note presents seven common attributes of insider threat cases, excluding espionage, drawn from the CERT® Division’s database. The note maps the seven attributes to characteristics insider threat products should possess in order to detect, prevent, or mitigate the threat. None of these attributes alone can identify a malicious insider. Rather, each attribute is one of many data points that an organization should consider when implementing an insider threat program.
Published by: Software Engineering Institute Publications on Jul 01, 2013
Copyright: Attribution Non-commercial

Insider Threat Attributes and Mitigation Strategies
George J. Silowash
July 2013
TECHNICAL NOTE
CMU/SEI-2013-TN-018
CERT® Division
 
 
SEI markings v3.2 / 30 August 2011

Copyright 2013 Carnegie Mellon University

This material is based upon work funded and supported by Department of Homeland Security under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States Department of Defense.

Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of Department of Homeland Security or the United States Department of Defense.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This material has been approved for public release and unlimited distribution except as restricted below.

Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works.

External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.

* These restrictions do not apply to U.S. government entities.

CERT® is a registered mark of Carnegie Mellon University.

DM-0000356
 
 
 
Table of Contents

Acknowledgments
Executive Summary
Abstract

1 Monitor Phone Activity Logs to Detect Suspicious Behaviors
    Case Study 1
    Solutions
    Common Sense Guide References

2 Monitor and Control Privileged Accounts
    Case Studies
        2.1.1 Case Study 2
        2.1.2 Case Study 3
        2.1.3 Case Study 4
    Solutions
    Common Sense Guide References

3 Monitor and Control External Access and Data Downloads
    Case Studies
        3.1.1 Case Study 5
        3.1.2 Case Study 6
        3.1.3 Case Study 7
    Solutions
    Common Sense Guide References

4 Protect Critical Files from Modification, Deletion, and Unauthorized Disclosure
    Case Studies
        4.1.1 Case Study 8
        4.1.2 Case Study 9
        4.1.3 Case Study 10
    Solutions
    Common Sense Guide References

5 Disable Accounts or Connections upon Employee Termination
    Case Studies
        5.1.1 Case Study 11
        5.1.2 Case Study 12
        5.1.3 Case Study 13
    Solutions
    Common Sense Guide References

6 Prevent Unauthorized Removable Storage Mediums
    Case Study
        6.1.1 Case Study 14
        6.1.2 Case Study 15
        6.1.3 Case Study 16
    Solutions
    Common Sense Guide References
