A Field Guide to Insider Threat Helps Manage the Risk

Presentation transcript:

Session HUM-T10R: A Field Guide to Insider Threat Helps Manage the Risk
Tim Casey, Senior Strategic Risk Analyst, Intel Corp.

How do you think of insider threat?

The problem is becoming more complex
(Logos and trademarks are the property of their respective owners.)

The Field Guide to Insider Threat
Threat agents: Reckless Insider, Untrained/Distracted Insider, Outward Sympathizer, Vendor, Partner, Irrational Individual, Thief, Disgruntled Insider, Activist, Terrorist, Organized Crime, Competitor, Nation State
Attack types: Accidental leak, Espionage, Financial fraud, Misuse, Opportunistic data theft, Physical theft, Product alteration, Sabotage, Violence

Characterizing Insider Threat

Definitions
Insider Threat is the potential for a current or former employee, contractor, or business partner to accidentally or maliciously misuse their trusted access to harm the organization's employees and customers, assets, or reputation.
A Threat Agent is a representative class of people who can harm an organization, intentionally or accidentally, and who are identified by their unique characteristics and behaviors.

Insider Threat Agents
Non-Hostile: Reckless Insider, Outward Sympathizer, Untrained/Distracted Insider
Hostile/Non-Hostile: Partner, Supplier
Hostile: Activist, Competitor, Disgruntled Insider, Irrational Individual, Nation State, Organized Crime, Terrorist, Thief
(Slide callout: "New!")

Attack Types
Accidental leak, Espionage, Financial fraud, Misuse, Opportunistic data theft, Physical theft, Product alteration, Sabotage, Violence
Slide callouts: Ooops; IP & Data Loss; Ongoing, targeted IP extraction; Exiting employees

Threat-Consequence Vector Matrix
Columns (Intent →):
Non-Hostile: Reckless Insider, Untrained/Distracted Insider, Outward Sympathizer
Non-Hostile/Hostile: Vendor, Partner
Hostile: Irrational Individual, Thief, Disgruntled Insider, Activist, Terrorist, Organized Crime, Competitor, Nation State
Rows (Attack Type ↓): Accidental leak, Espionage, Financial fraud, Misuse, Opportunistic data theft, Physical theft, Product alteration, Sabotage, Violence
[An X marks a cell on the slide; the cell positions are not preserved in this transcript.]
Analysis by Intel's Threat Agent Analysis Group

Applying the Field Guide

Demonstrate the scope of the problem
[Threat-Consequence Vector Matrix: threat agents by intent against attack types]
60 separate Insider Threat vectors. Are you prepared for all of them?

Prioritizing Protection to Optimize Resources
Food Manufacturer (example)
Attack types: Accidental leak, Espionage, Financial fraud, Misuse, Opportunistic data theft, Physical theft, Product alteration, Sabotage, Violence
[Threat-Consequence Vector Matrix: threat agents by intent against attack types]

Prioritizing Protection to Optimize Resources
Food Manufacturer (example)
Attack types: Accidental leak, Espionage, Financial fraud, Misuse, Opportunistic data theft, Physical theft, Violence
Listed separately on this slide: Product alteration, Sabotage
[Threat-Consequence Vector Matrix: threat agents by intent against attack types]

Minimize the Threat
Slide callouts: Untrained/Distracted Insider; Irrational Individual
[Threat-Consequence Vector Matrix: threat agents by intent against attack types]

Provide context for your data
Example incidents: $15M in lawsuits; Lost market lead in key product; 2-day factory downtime; 3% annual shrinkage
[Threat-Consequence Vector Matrix: threat agents by intent against attack types]

Customize for your threat landscape
The model is open-ended and you can extend & tailor it to your environment.

How the Guide Can Help You
Having a Field Guide helps you manage risk by:
Establishing a common framework and language for managing insider threat throughout the organization and community
Prioritizing threats and optimizing the use of limited resources
Identifying threats for mitigation
A framework to describe and manage your unique threat landscape

Applying the Field Guide in Your Organization
Short term:
Share the Guide with key stakeholders to inform them of the problem scope and enlist them in your team
Assess your particular threats and controls against the Field Guide to ensure you are managing your most dangerous insider risks
Medium term:
Modify the model to reflect your situation and priorities
Long term:
Use the Guide to regularly re-assess your overall insider threat landscape

Resources
Intel Field Guide to Insider Threat: http://ow.ly/CLux308vUbP
Intel Threat Agent Analysis: https://communities.intel.com/docs/DOC-23914 and https://communities.intel.com/docs/DOC-1151
Improving Healthcare Risk Assessments to Maximize Security Budgets (how to tailor the model for your environment): http://ow.ly/1W2H308vUfx
CERT Insider Threat Center: https://www.cert.org/insider-threat
We actively engage with fellow travelers utilizing Threat Agent Analysis related to: Threat Assessments; Supplier Management and Supply Chain Risk; Tools and Visualization

Questions?