Entries Tagged as 'Insider Threat '

Developing Controls to Prevent Theft of Intellectual Property

CERT , Insider Threat 2 Comments »

By Randy Trzeciak,
Senior Member of the Technical Staff
The CERT Program

Randy TrzeciakAccording to the 2011 CyberSecurity Watch Survey, approximately 21 percent of cyber crimes against organizations are committed by insiders. Of the 607 organizations participating in the survey, 46 percent stated that the damage caused by insiders was more significant than the damage caused by outsiders. Over the past 11 years, CERT Insider Threat researchers have collected incidents related to malicious activity by insiders obtained from a number of sources, including media reports, the courts, the United States Secret Service, victim organizations, and interviews with convicted felons. From these cases, four patterns of insider threat behavior have been identified: (1) information technology (IT) sabotage, (2) fraud, (3) national security/espionage, and (4) theft of intellectual property (IP). From those patterns, our researchers developed controls that combine technological tools with behavioral indicators to identify employees at risk for committing cyber crimes. These tools and indicators provide those who monitor networks a better warning of potential anomalous behavior. This blog posting—the first in a series highlighting controls developed by the CERT Insider Threat Center—explores controls developed to prevent, identify, or detect IP theft.

Read more...

An Overview of the SEI Technologies Forum

Acquisition , Agile , Cloud Computing , CMMI , Insider Threat , Operational Resilience , Resilience Management Model (RMM) , Smart Grid Maturity Model , Team Software Process (TSP) No Comments »

By Douglas C. Schmidt
Visiting Scientist

We use the SEI Blog to inform you about the latest work at the SEI, so this week I'm summarizing some video presentations recently posted to the SEI website from the SEI Technologies Forum. This virtual event held in late 2011 brought together participants from more than 50 countries to engage with SEI researchers on a sample of our latest work, including cloud computing, insider threat, Agile development, software architecture, security, measurement, process improvement, and acquisition dynamics. This post includes a description of all the video presentations from the first event, along with links where you can view the full presentations on the SEI website.

Read more...

The Latest Research from the SEI

Automated remediation , Insider Threat , Resilience Management Model (RMM) , Service-Oriented Architecture 1 Comment »

By Douglas C. Schmidt
Visiting Scientist

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in insider threat, interoperability, service-oriented architecture, operational resilience, and automated remediation. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

The Latest Research from the SEI

Acquisition , CMMI , Insider Threat , Smart Grid Maturity Model No Comments »

By Douglas C. Schmidt,
Chief Technology Officer

Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in Agile methods, insider threat,the SMART Grid Maturity Model, acquisition, and CMMI.  This post includes a listing of each report, author/s, and links where the published reports can be accessed on the SEI website.

 

Read more...

Protecting Against Insider Threats with Enterprise Architecture Patterns

Insider Threat , Insider Threat Patterns 6 Comments »

Andrew P. Moore,
Insider Threat Researcher
CERT 

Andrew P. MooreThe 2011 CyberSecurity Watch survey revealed that 27 percent of cybersecurity attacks against organizations were caused by disgruntled, greedy, or subversive insiders, employees, or contractors with access to that organization’s network systems or data. Of the 607 survey respondents, 43 percent view insider threat attacks as more costly and cited not only a financial loss but also damage to reputation, critical system disruption, and loss of confidential or proprietary information. For the Department of Defense (DoD) and industry, combating insider threat attacks is hard due to the authorized physical and logical access of insiders to organization systems and intimate knowledge of organizations themselves. Unfortunately, current countermeasures to insider threat are largely reactive, resulting in information systems storing sensitive information with inadequate protection against the range of procedural and technical vulnerabilities commonly exploited by insiders. This posting describes the work of researchers at the CERT® Insider Threat Center to help protect next-generation DoD enterprise systems against insider threats by capturing, validating, and applying enterprise architectural patterns.

Read more...