Apr 22, 2013
By Douglas C. Schmidt, Principal Researcher

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in quantifying expert judgment, insider threat, detecting and preventing data exfiltration, and developing a common vocabulary for malware analysts. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.
Feb 11, 2013
By Douglas C. Schmidt, Principal Researcher

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in and systems engineering, resilience, and insider threat. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.
Dec 10, 2012
By Dr. Bill Claycomb, Senior Member of the Technical Staff, CERT Insider Threat Center

Sabotage of IT systems by employees (the so-called "insider threat") is a serious problem facing many companies today. Not only can data or computing systems be damaged, but outward-facing systems can be compromised to such an extent that customers cannot access an organization's resources or products. Previous blog postings on the topic of insider threat have discussed mitigation patterns, controls that help identify insiders at risk of committing cyber crime, and the protection of next-generation DoD enterprise systems against insider threats through the capture, validation, and application of enterprise architectural patterns. This blog post describes our latest research in determining the indicators that insiders might demonstrate prior to attacks.
Oct 1, 2012
By Andrew P. Moore, Senior Member of the Technical Staff, The CERT Program

Since 2001, researchers at the CERT Insider Threat Center have documented malicious insider activity by examining media reports and court transcripts and conducting interviews with the United States Secret Service, victims' organizations, and convicted felons. Among the more than 700 insider threat cases that we've documented, our analysis has identified more than 100 categories of weaknesses in systems, processes, people or technologies that allowed insider threats to occur. One aspect of our research has focused on identifying enterprise architecture patterns that protect organization systems from malicious insider threat. Enterprise architecture patterns are organization patterns that involve the full scope of enterprise architecture concerns, including people, processes, technology, and facilities. Our goal with this pattern work is to equip organizations with the tools necessary to institute controls that will reduce the incidence of insider compromise. This blog post is the second in a series that describes our research to create and validate an insider threat mitigation pattern language that focuses on helping organizations balance the cost of security controls with the risk of insider compromise.
May 14, 2012
By Randy Trzeciak, Senior Member of the Technical Staff, The CERT Program

According to the 2011 CyberSecurity Watch Survey, approximately 21 percent of cyber crimes against organizations are committed by insiders. Of the 607 organizations participating in the survey, 46 percent stated that the damage caused by insiders was more significant than the damage caused by outsiders. Over the past 11 years, researchers at the CERT Insider Threat Center have documented incidents related to malicious insider activity. Their sources include media reports, the courts, the United States Secret Service, victim organizations, and interviews with convicted felons. From these cases, CERT researchers have identified four models of insider threat behavior: (1) information technology (IT) sabotage, (2) fraud, (3) national security/espionage, and (4) theft of intellectual property (IP). Using those patterns, our researchers have developed network monitoring controls that combine technological tools with behavioral indicators to warn network traffic analysts of potential malicious behavior. While these controls do not necessarily identify ongoing cyber crimes, they may identify behaviors of at-risk insiders that an organization should consider for further investigation. This blog posting, the second in a series highlighting controls developed by the CERT Insider Threat Center, explores controls developed to prevent, identify, or detect IT sabotage.