Entries Tagged as 'Insider Threat '

The Latest Research from the SEI

Insider Threat , Malware No Comments »

By Douglas C. Schmidt
Principal Researcher

Douglas C. SchmidtAs part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in quantifying expert judgment, insider threat, detecting and preventing data exfiltration, and developing a common vocabulary for malware analysts. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

The Latest Research from the SEI

Insider Threat , Resilience Management Model (RMM) No Comments »

By Douglas C. Schmidt
Principal Researcher

Doug SchmidtAs part of an ongoing effort to keep you informed about our latest work, I’d like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in and systems engineering, resilience, and insider threat. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

Enabling and Measuring Early Detection of Insider Threats

Insider Threat No Comments »

By Dr. Bill Claycomb
Senior Member of the Technical Staff
CERT Insider Threat Center

William ClaycombSabotage of IT systems by employees (the so-called “inside threat”) is a serious problem facing many companies today.  Not only can data or computing systems be damaged, but outward-facing systems can be compromised to such an extent that customers cannot access an organization’s resources or products.  Previous blog postings  on the topic of insider threat have discussed mitigation patterns, controls that help identify insiders at risk of committing cyber crime, and the protection of next-generation DoD enterprise systems against insider threats through the capture, validation, and application of enterprise architectural patterns. This blog post describes our latest research in determining the indicators that insiders might demonstrate prior to attacks.

Read more...

Effectiveness of a Pattern for Preventing Theft by Insiders

CERT , Insider Threat , Insider Threat Patterns No Comments »

By Andrew P. Moore
Senior Member of the Technical Staff
The CERT Program

Andrew P. Moore Since 2001, researchers at the CERT Insider Threat Center have documented malicious insider activity by examining media reports and court transcripts and conducting interviews with the United States Secret Service, victims’ organizations, and convicted felons. Among the more than 700 insider threat cases that we’ve documented, our analysis has identified more than 100 categories of weaknesses in systems, processes, people or technologies that allowed insider threats to occur. One aspect of our research has focused on identifying enterprise architecture patterns that protect organization systems from malicious insider threat. Enterprise architecture patterns are organization patterns that involve the full scope of enterprise architecture concerns, including people, processes, technology, and facilities. Our goal with this pattern work is to equip organizations with the tools necessary to institute controls that will reduce the incidence of insider compromise. This blog post is the second in a series that describes our research to create and validate an insider threat mitigation pattern language that focuses on helping organizations balance the cost of security controls with the risk of insider compromise.

Read more...

New SIEM Signature Developed to Address Insider Threats

CERT , Insider Threat No Comments »

By Randy Trzeciak
Senior Member of the Technical Staff
The CERT Program

Randy TrzeciakAccording to the 2011 CyberSecurity Watch Survey, approximately 21 percent of cyber crimes against organizations are committed by insiders. Of the 607 organizations participating in the survey, 46 percent stated that the damage caused by insiders was more significant than the damage caused by outsiders. Over the past 11 years, researchers at the CERT Insider Threat Center have documented incidents related to malicious insider activity. Their sources include media reports, the courts, the United States Secret Service, victim organizations, and interviews with convicted felons. From these cases, CERT researchers have identified four models of insider threat behavior: (1) information technology (IT) sabotage, (2) fraud, (3) national security/espionage, and (4) theft of intellectual property (IP). Using those patterns, our researchers have developed network monitoring controls that combine technological tools with behavioral indicators to warn network traffic analysts of potential malicious behavior. While these controls do not necessarily identify ongoing cyber crimes, they may identify behaviors of at-risk insiders that an organization should consider for further investigation. This blog posting, the second in a series highlighting controls developed by the CERT Insider Threat Center, explores controls developed to prevent, identify, or detect IT sabotage.

Read more...