Entries Tagged as 'Insider Threat '

New SIEM Signature Developed to Address Insider Threats

CERT , Insider Threat No Comments »

By Randy Trzeciak
Senior Member of the Technical Staff
The CERT Program

Randy TrzeciakAccording to the 2011 CyberSecurity Watch Survey, approximately 21 percent of cyber crimes against organizations are committed by insiders. Of the 607 organizations participating in the survey, 46 percent stated that the damage caused by insiders was more significant than the damage caused by outsiders. Over the past 11 years, researchers at the CERT Insider Threat Center have documented incidents related to malicious insider activity. Their sources include media reports, the courts, the United States Secret Service, victim organizations, and interviews with convicted felons. From these cases, CERT researchers have identified four models of insider threat behavior: (1) information technology (IT) sabotage, (2) fraud, (3) national security/espionage, and (4) theft of intellectual property (IP). Using those patterns, our researchers have developed network monitoring controls that combine technological tools with behavioral indicators to warn network traffic analysts of potential malicious behavior. While these controls do not necessarily identify ongoing cyber crimes, they may identify behaviors of at-risk insiders that an organization should consider for further investigation. This blog posting, the second in a series highlighting controls developed by the CERT Insider Threat Center, explores controls developed to prevent, identify, or detect IT sabotage.

Read more...

Developing Controls to Prevent Theft of Intellectual Property

CERT , Insider Threat 2 Comments »

By Randy Trzeciak,
Senior Member of the Technical Staff
The CERT Program

Randy TrzeciakAccording to the 2011 CyberSecurity Watch Survey, approximately 21 percent of cyber crimes against organizations are committed by insiders. Of the 607 organizations participating in the survey, 46 percent stated that the damage caused by insiders was more significant than the damage caused by outsiders. Over the past 11 years, CERT Insider Threat researchers have collected incidents related to malicious activity by insiders obtained from a number of sources, including media reports, the courts, the United States Secret Service, victim organizations, and interviews with convicted felons. From these cases, four patterns of insider threat behavior have been identified: (1) information technology (IT) sabotage, (2) fraud, (3) national security/espionage, and (4) theft of intellectual property (IP). From those patterns, our researchers developed controls that combine technological tools with behavioral indicators to identify employees at risk for committing cyber crimes. These tools and indicators provide those who monitor networks a better warning of potential anomalous behavior. This blog posting—the first in a series highlighting controls developed by the CERT Insider Threat Center—explores controls developed to prevent, identify, or detect IP theft.

Read more...

An Overview of the SEI Technologies Forum

Acquisition , Agile , Cloud Computing , CMMI , Insider Threat , Operational Resilience , Resilience Management Model (RMM) , Smart Grid Maturity Model , Team Software Process (TSP) No Comments »

By Douglas C. Schmidt
Visiting Scientist

We use the SEI Blog to inform you about the latest work at the SEI, so this week I'm summarizing some video presentations recently posted to the SEI website from the SEI Technologies Forum. This virtual event held in late 2011 brought together participants from more than 50 countries to engage with SEI researchers on a sample of our latest work, including cloud computing, insider threat, Agile development, software architecture, security, measurement, process improvement, and acquisition dynamics. This post includes a description of all the video presentations from the first event, along with links where you can view the full presentations on the SEI website.

Read more...

The Latest Research from the SEI

Automated remediation , Insider Threat , Resilience Management Model (RMM) , Service-Oriented Architecture 1 Comment »

By Douglas C. Schmidt
Visiting Scientist

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in insider threat, interoperability, service-oriented architecture, operational resilience, and automated remediation. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

The Latest Research from the SEI

Acquisition , CMMI , Insider Threat , Smart Grid Maturity Model No Comments »

By Douglas C. Schmidt,
Chief Technology Officer

Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in Agile methods, insider threat,the SMART Grid Maturity Model, acquisition, and CMMI.  This post includes a listing of each report, author/s, and links where the published reports can be accessed on the SEI website.

 

Read more...