The Accidental Insider Threat:
Is Your Organization Prepared?

Dr. Shawn P. Murray, C|CISO, CISSP, CRISC, FITSP-A

National Security Institute – IMPACT 2013 Conference
Insider Threat – EO-13587
The October 2011 Presidential Executive Order 13587, titled
“Structural Reforms to Improve the Security of Classified
Networks and the Responsible Sharing and Safeguarding of
Classified Information”, mandates that every agency and
federal government systems integrator implement an
insider threat detection and prevention program by the end of
2013.
This was further reinforced by a presidential memorandum in November 2012
directing federal agencies to deploy monitoring systems that meet prescribed
standards. “One way to increase the chance of catching a malicious
employee is to examine relevant information regarding suspicious or
anomalous behavior of those whose jobs cause them to access classified
information,” a White House spokeswoman commented. Given this new governmentwide mandate, it is paramount that government agencies take insider threats seriously.
Source: http://www.cataphora.com/markets/government/
Insider Threat
Who is the Malicious Insider Threat?
• Disgruntled employees
  • Passed over for raise or promotion
  • Poor work or home environment
• Former disgruntled employees
  • Fired from the company, holds animosity to company or personnel
• Behavior addictions
  • Drugs
  • Gambling
• Collusion – two or more employees acting together
• Social engineers – use tactics to gain access to resources they don’t have access to or need. Can steal other users’ creds…
Insider Threat
Objectives of the Malicious Insider Threat:
• Target individuals that did them wrong
• Introduction of viruses, worms, trojans or other malware
• Theft of information or corporate secrets
• Theft of money
• The corruption or deletion of data
• The altering of data to produce inconvenience or false criminal evidence
• Theft of the identities of specific individuals in the enterprise
Insider Threat
Elements leading up to a Malicious Insider attack:

www.cert.org
Insider Threat
For the Malicious Insider Threat, we need to be able to:
• Detect malicious insider activity
• Attribute activity to users
• Provide NETOPS tools to track down anomalies
• Allow Security Operations to foresee events through continuous monitoring
• Execute an effective incident response capability
• Improve Mission Assurance
• Determine new ways to combat cyber threats
Insider Threat
Who is an Accidental Insider Threat?
• All employees – exhibit bad habits
  • Passwords left on screens, under keyboards
  • Tailgating into restricted areas, loss of accountability
  • Using their computers to surf the web or communicate personal e-mail
  • Bringing personal computing devices to work (laptops, PDAs, smartphones & tablets)
  • Failing to follow OPSEC
  • Social engineering – phone calls from imposters, phishing emails, etc.
• IT Personnel – create vulnerabilities by:
  • Having group accounts
  • Separation of duties
  • Create scripts or back doors for conveniences
  • Don’t change default passwords
• Security Personnel – exhibit bad habits
  • Deviate from security practices they are required to enforce
• Executive Management
Insider Threat
To Reduce the Risk for the Accidental Insider Threat, we need to be able to:
• Provide sound policies that articulate specific behavior expectations in Acceptable Use Policies
• Educate and train all personnel on exhibiting good habits
• Set the example: Management and Security personnel alike
• Provide constant awareness
• Institute a mechanism to report suspicious behavior
• Audit or assess your program!
Insider Threat - Policies
Reduce the Risk for the Accidental Insider Threat:
Provide sound policies that articulate specific behavior expectations
• Good policies have the following elements
  • Introduction – State the purpose of the policy (Acceptable Use)
  • Scope – Who does the policy apply to? (Everyone, IT personnel, GSU)
  • Details – Here is where you state the specific elements of the policy.
  • Accountability Statement – This is where you articulate who will be responsible for implementing the policy (Managers/Supervisors) and the ramifications for not adhering to the policy: “Deviations from this policy will be handled promptly and may include disciplinary action up to and including termination”.
  • Policy Owner – The final section articulates the policy owner, date and version of the policy.
• Policies should be coordinated with all stakeholders
  • Human Resources
  • Legal Department
  • Security Personnel
  • Management
• Policies should be specific and enforceable
• Policies should be updated periodically
• Employees should acknowledge policies with a signature and date
Insider Threat - Training
Reduce the Risk for the Accidental Insider Threat:
Educate and Train all personnel on exhibiting good habits & behavior
• Computer based – Internal/External (DSS/DISA, Others)
• Develop in-house programs
• External training & conferences
• Provide periodically (monthly, biannually, annually)
• Gear training to the audience
  • All personnel
  • IT Personnel
  • Security Personnel
• Assess the training material for currency and effectiveness
• Update
• Provide examples (real world events or case studies)
Insider Threat - Awareness
Reduce the Risk for the Accidental Insider Threat:
Provide constant awareness
• Reward incentives
• Periodic e-mails
• Posters – common areas
  • Break rooms
  • Rest rooms
  • Specific work areas
  • Hallways
Insider Threat - Audit
Reduce the Risk for the Accidental Insider Threat:
Audit or assess your program!
• Periodic
• Have an external audit (DSS/another facility’s FSO)
• Correct deficiencies & if necessary realign resources
• If you don’t have one, establish a budget and justify requirements
Insider Threat
For the Accidental Insider Threat, we need to be able to:
• Detect malicious insider activity
• Attribute activity to users
• Provide NETOPS tools to track down anomalies
• Allow Security Operations to foresee events through continuous monitoring
• Execute an effective incident response capability
• Improve Mission Assurance
• Determine new ways to combat cyber threats
For IT Managers & IT Security Professionals
• Least Privilege
• Segregation of Duties
• Defense in Depth

• Technical Controls
• Preventive Controls
• Detective Controls
• Corrective Controls
• Deterrent Controls

• Risk-Control Adequacy
• Use Choke Points
Additional Resources
The Accidental Insider Threat: Is Your Organization Ready?
• This panel of industry experts explored the threats posed by “accidental insiders”: individuals who are not maliciously trying to cause harm, but can unknowingly present a major risk to an organization and its infrastructure.
• Aired on Federal News Radio October 2, 2012 at 12:00 PM ET
  • Raynor Dahlquist, Booz Allen Hamilton, Panel Moderator
  • Tom Kellermann, Trend Micro
  • Angela McKay, Microsoft
  • Michael C. Theis, CERT Insider Threat Center
http://www.federalnewsradio.com/262/3054242/The-Accidental-Insider-Threat-Is-Your-Organization-Ready
Additional Resources
Advanced Persistent Threat (APT) and Insider Threat
http://cyber-defense.sans.org/blog/2012/10/23/advanced-persistent-threat-apt-and-insider-threat

Insiders and Insider Threats - An Overview of Definitions and
Mitigation Techniques
http://isyou.info/jowua/papers/jowua-v2n1-1.pdf

The Accidental Insider Threat – A White Paper
Dr. Shawn P. Murray, Jones International University – (Available on the NSI Website)
Questions?

Mais conteúdo relacionado

Mais procurados

The Insider Threat
The Insider ThreatThe Insider Threat
The Insider ThreatPECB
 
Building an InfoSec RedTeam
Building an InfoSec RedTeamBuilding an InfoSec RedTeam
Building an InfoSec RedTeamDan Vasile
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
INTRODUCCION CIBERSEGURIDAD
INTRODUCCION CIBERSEGURIDADINTRODUCCION CIBERSEGURIDAD
INTRODUCCION CIBERSEGURIDADMiguel Cabrera
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
Cyber security awareness presentation
Cyber security awareness  presentationCyber security awareness  presentation
Cyber security awareness presentationAshokkumar Gnanasekar
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingVikram Khanna
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansEvolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansChristopher Korban
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Social Engineering Attacks & Principles
Social Engineering Attacks & PrinciplesSocial Engineering Attacks & Principles
Social Engineering Attacks & PrinciplesLearningwithRayYT
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking PowerpointRen Tuazon
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hackingmsaksida
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 

Mais procurados (20)

The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threat
 
Insider threat kill chain
Insider threat   kill chainInsider threat   kill chain
Insider threat kill chain
 
Building an InfoSec RedTeam
Building an InfoSec RedTeamBuilding an InfoSec RedTeam
Building an InfoSec RedTeam
 
Data security
Data securityData security
Data security
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
INTRODUCCION CIBERSEGURIDAD
INTRODUCCION CIBERSEGURIDADINTRODUCCION CIBERSEGURIDAD
INTRODUCCION CIBERSEGURIDAD
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
 
Cyber security awareness presentation
Cyber security awareness  presentationCyber security awareness  presentation
Cyber security awareness presentation
 
cyber security
cyber securitycyber security
cyber security
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansEvolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Social Engineering Attacks & Principles
Social Engineering Attacks & PrinciplesSocial Engineering Attacks & Principles
Social Engineering Attacks & Principles
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking Powerpoint
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Destaque

5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 
Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentationIISPEastMids
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziKashif Semple
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insidersgjohansen
 
Snowden slides
Snowden slidesSnowden slides
Snowden slidesDavid West
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoMatt Frowert
 

Destaque (9)

Multimedia Privacy
Multimedia PrivacyMultimedia Privacy
Multimedia Privacy
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider Threat
 
Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentation
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint Prezi
 
Insider threat
Insider threatInsider threat
Insider threat
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insiders
 
Snowden slides
Snowden slidesSnowden slides
Snowden slides
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_Tyco
 

Semelhante a The Accidental Insider Threat

Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills
 
Security Policy Framework
Security Policy FrameworkSecurity Policy Framework
Security Policy FrameworkDiana Walker
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of securityciso_insights
 
reply to the below discussions with 250 words1)  Informa.docx
reply to the below discussions with 250 words1)  Informa.docxreply to the below discussions with 250 words1)  Informa.docx
reply to the below discussions with 250 words1)  Informa.docxchris293
 
Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Samuel Loomis
 
Running Head STATEMENT OF WORKSTATEMENT OF WORK .docx
Running Head STATEMENT OF WORKSTATEMENT OF WORK                .docxRunning Head STATEMENT OF WORKSTATEMENT OF WORK                .docx
Running Head STATEMENT OF WORKSTATEMENT OF WORK .docxtoltonkendal
 
Running Head SECURITY POLICIES DEVELOPMENT1SECURITY POLICIES D.docx
Running Head SECURITY POLICIES DEVELOPMENT1SECURITY POLICIES D.docxRunning Head SECURITY POLICIES DEVELOPMENT1SECURITY POLICIES D.docx
Running Head SECURITY POLICIES DEVELOPMENT1SECURITY POLICIES D.docxtoltonkendal
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Riskphanleson
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
1Running head IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAI.docx
1Running head IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAI.docx1Running head IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAI.docx
1Running head IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAI.docxeugeniadean34240
 
Business information security requirements
Business information security requirementsBusiness information security requirements
Business information security requirementsgurneyhal
 
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise WorldKey Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise WorldTEWMAGAZINE
 
Enterprise security management II
Enterprise security management   IIEnterprise security management   II
Enterprise security management IIzapp0
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...cyberprosocial
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness              .docxRunning Head SECURITY AWARENESSSecurity Awareness              .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxtoltonkendal
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badbanerjeea
 

Semelhante a The Accidental Insider Threat (20)

Accidental Insider Threat - 2018 Version
Accidental Insider Threat - 2018 VersionAccidental Insider Threat - 2018 Version
Accidental Insider Threat - 2018 Version
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample Material
 
Security Policy Framework
Security Policy FrameworkSecurity Policy Framework
Security Policy Framework
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of security
 
reply to the below discussions with 250 words1)  Informa.docx
reply to the below discussions with 250 words1)  Informa.docxreply to the below discussions with 250 words1)  Informa.docx
reply to the below discussions with 250 words1)  Informa.docx
 
Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016
 
Running Head STATEMENT OF WORKSTATEMENT OF WORK .docx
Running Head STATEMENT OF WORKSTATEMENT OF WORK                .docxRunning Head STATEMENT OF WORKSTATEMENT OF WORK                .docx
Running Head STATEMENT OF WORKSTATEMENT OF WORK .docx
 
It risk assessment
It risk assessmentIt risk assessment
It risk assessment
 
Running Head SECURITY POLICIES DEVELOPMENT1SECURITY POLICIES D.docx
Running Head SECURITY POLICIES DEVELOPMENT1SECURITY POLICIES D.docxRunning Head SECURITY POLICIES DEVELOPMENT1SECURITY POLICIES D.docx
Running Head SECURITY POLICIES DEVELOPMENT1SECURITY POLICIES D.docx
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Risk
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
1Running head IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAI.docx
1Running head IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAI.docx1Running head IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAI.docx
1Running head IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAI.docx
 
Business information security requirements
Business information security requirementsBusiness information security requirements
Business information security requirements
 
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise WorldKey Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
 
Stu r37 a
Stu r37 aStu r37 a
Stu r37 a
 
Enterprise security management II
Enterprise security management   IIEnterprise security management   II
Enterprise security management II
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness              .docxRunning Head SECURITY AWARENESSSecurity Awareness              .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-bad
 

Mais de Murray Security Services

Mais de Murray Security Services (14)

Cybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationCybersecurity Maturity Model Certification
Cybersecurity Maturity Model Certification
 
Manufacturing Hacks
Manufacturing HacksManufacturing Hacks
Manufacturing Hacks
 
Spectre & Meltdown
Spectre & MeltdownSpectre & Meltdown
Spectre & Meltdown
 
Global Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Global Shortage on Cyber Security Workforce - An Analysis of a Complex IssueGlobal Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Global Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
 
Cybersecurity for Small Business
Cybersecurity for Small BusinessCybersecurity for Small Business
Cybersecurity for Small Business
 
Barcode Metadata & Privacy - What is the risk really?
Barcode Metadata & Privacy - What is the risk really?Barcode Metadata & Privacy - What is the risk really?
Barcode Metadata & Privacy - What is the risk really?
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
Information & Cyber Security Risk
Information & Cyber Security RiskInformation & Cyber Security Risk
Information & Cyber Security Risk
 
Countering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaCountering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from China
 
How to Write Good Policies
How to Write Good PoliciesHow to Write Good Policies
How to Write Good Policies
 
IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust Designation
 
ToR - Deep Web
ToR -  Deep Web ToR -  Deep Web
ToR - Deep Web
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber Crime
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
 

Último

Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 

Último (20)

20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...

The Accidental Insider Threat

  • 1. The Accidental Insider Threat: Is Your Organization Prepared? Dr. Shawn P. Murray, C|CISO, CISSP, CRISC, FITSP-A National Security Institute – IMPACT 2013 Conference
  • 2. Insider Threat – EO-13587
    The October 2011 Presidential Executive Order 13587, titled “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information”, mandates that every agency and federal government systems integrator implement an insider threat detection and prevention program by the end of 2013.
    This was further reinforced by a presidential memorandum in November 2012 directing federal agencies to deploy monitoring systems that meet prescribed standards. “One way to increase the chance of catching a malicious employee is to examine relevant information regarding suspicious or anomalous behavior of those whose jobs cause them to access classified information,” a White House spokeswoman commented. Given this new government-wide mandate, it is paramount that government agencies take insider threats seriously.
    Source: http://www.cataphora.com/markets/government/
  • 3. Insider Threat
    Who is the Malicious Insider Threat?
      • Disgruntled employees
          • Passed over for raise or promotion
          • Poor work or home environment
      • Former disgruntled employees
          • Fired from the company, holds animosity to company or personnel
      • Behavior addictions
          • Drugs
          • Gambling
      • Collusion – two or more employees acting together
      • Social engineers – use tactics to gain access to resources they don’t have access to or need. Can steal other users’ creds…
  • 4. Insider Threat
    Objectives of the Malicious Insider Threat:
      • Target individuals that did them wrong
      • Introduction of viruses, worms, trojans or other malware
      • Theft of information or corporate secrets
      • Theft of money
      • The corruption or deletion of data
      • The altering of data to produce inconvenience or false criminal evidence
      • Theft of the identities of specific individuals in the enterprise
  • 5. Insider Threat Elements leading up to a Malicious Insider attack: www.cert.org
  • 6. Insider Threat
    For the Malicious Insider Threat, we need to be able to:
      • Detect malicious insider activity
      • Attribute activity to users
      • Provide NETOPS tools to track down anomalies
      • Allow Security Operations to foresee events through continuous monitoring
      • Execute an effective incident response capability
      • Improve Mission Assurance
      • Determine new ways to combat cyber threats
  • 7. Insider Threat
    Who is an Accidental Insider Threat?
      • All employees – exhibit bad habits
          • Passwords left on screens, under keyboards
          • Tailgating into restricted areas, loss of accountability
          • Using their computers to surf the web or communicate personal e-mail
          • Bring personal computing devices to work (laptops, PDAs, Smart Phones & Tablets)
          • Failing to follow OPSEC
          • Social Engineering – Phone call from imposters, Phishing Emails etc.
      • IT Personnel – Create vulnerabilities by:
          • Having group accounts
          • Separation of duties
          • Create scripts or back doors for conveniences
          • Don’t change default passwords
      • Security Personnel – exhibit bad habits
          • Deviate from security practices they are required to enforce
      • Executive Management
  • 8. Insider Threat
    To Reduce the Risk for the Accidental Insider Threat, we need to be able to:
      • Provide sound policies that articulate specific behavior expectations in Acceptable Use Policies
      • Educate and Train all personnel on exhibiting good habits
      • Set the example: Management and Security personnel alike
      • Provide constant awareness
      • Institute a mechanism to report suspicious behavior
      • Audit or assess your program!
  • 9. Insider Threat - Policies
    Reduce the Risk for the Accidental Insider Threat: Provide sound policies that articulate specific behavior expectations
      • Good policies have the following elements
          • Introduction – State the purpose of the policy (Acceptable Use)
          • Scope – Who does the policy apply to? (Everyone, IT personnel, GSU)
          • Details – here is where you state the specific elements of the policy.
          • Accountability Statement – This is where you articulate who will be responsible for implementing the policy (Managers/Supervisors) and the ramifications for not adhering to the policy: “Deviations from this policy will be handled promptly and may include disciplinary action up to and including termination”.
          • Policy Owner – The final section articulates the policy owner, date and version of the policy.
      • Policies should be coordinated with all stakeholders
          • Human Resources
          • Legal Department
          • Security Personnel
          • Management
      • Policies should be specific and enforceable
      • Policies should be updated periodically
      • Employees should acknowledge policies with a signature and date
  • 10. Insider Threat - Training
    Reduce the Risk for the Accidental Insider Threat: Educate and Train all personnel on exhibiting good habits & behavior
      • Computer based – Internal/External (DSS/DISA, Others)
      • Develop in house programs
      • External training & Conferences
      • Provide periodically (monthly, biannually, annually)
      • Gear training to the audience
          • All personnel
          • IT Personnel
          • Security Personnel
      • Assess the training material for currency and effectiveness
          • Update
          • Provide Examples (real world events or case studies)
  • 11. Insider Threat - Awareness
    Reduce the Risk for the Accidental Insider Threat: Provide constant awareness
      • Reward incentives
      • Periodic e-mails
      • Posters – common areas
          • Break rooms
          • Rest rooms
          • Specific work areas
          • Hallways
  • 12. Insider Threat - Audit
    Reduce the Risk for the Accidental Insider Threat: Audit or assess your program!
      • Periodic
      • Have an external audit (DSS/another facility’s FSO)
      • Correct deficiencies & if necessary realign resources
      • If you don’t have one, establish a budget and justify requirements
  • 13. Insider Threat
    For the Accidental Insider Threat, we need to be able to:
      • Detect malicious insider activity
      • Attribute activity to users
      • Provide NETOPS tools to track down anomalies
      • Allow Security Operations to foresee events through continuous monitoring
      • Execute an effective incident response capability
      • Improve Mission Assurance
      • Determine new ways to combat cyber threats
  • 14. For IT Managers & IT Security Professionals
      • Least Privilege
      • Segregation of Duties
      • Defense in Depth
      • Technical Controls
      • Preventive Controls
      • Detective Controls
      • Corrective Controls
      • Deterrent Controls
      • Risk-Control Adequacy
      • Use Choke Points
  • 15. Additional Resources
    The Accidental Insider Threat: Is Your Organization Ready?
      • This panel of industry experts explored the threats posed by “accidental insiders”: individuals who are not maliciously trying to cause harm, but can unknowingly present a major risk to an organization and its infrastructure.
      • Was aired on Federal News Radio October 2, 2012 at 12:00 PM ET
    Raynor Dahlquist, Booz Allen Hamilton, Panel Moderator
    Tom Kellermann, Trend Micro
    Angela McKay, Microsoft
    Michael C. Theis, CERT Insider Threat Center
    http://www.federalnewsradio.com/262/3054242/The-Accidental-Insider-Threat-Is-Your-Organization-Ready
  • 16. Additional Resources
      • Advanced Persistent Threat (APT) and Insider Threat
        http://cyber-defense.sans.org/blog/2012/10/23/advanced-persistent-threat-apt-and-insider-threat
      • Insiders and Insider Threats - An Overview of Definitions and Mitigation Techniques
        http://isyou.info/jowua/papers/jowua-v2n1-1.pdf
      • The Accidental Insider Threat – A White Paper
        Dr. Shawn P. Murray, Jones International University – (Available on the NSI Website)