Presentation transcript:

Approvals 1

2 Chg # | Date | Change | Slide # | Completed By | Reason
18/9/2013 | From G Washington to B Arnold | 12 | Chris O | Wrong threat profile

Insider Threat Awareness Module Rev. F1 3

What is an Insider Threat? Typically described as a disgruntled or unscrupulous employee trying to gain access to information they shouldn’t, and sharing it for personal gain, espionage or revenge. Current or former employees or contractors who intentionally exceeded or misused an authorized level of network, system or data access in a manner that affected the security of the organizations’ data, systems, or daily business operations (Carnegie Mellon, April 2008). 4

The Insider Threat
A summer 2006 E-Crime Watch Survey by CERT and the U.S. Secret Service stated the following: Of 434 responses to the survey, 55% of organizations were victims of electronic crimes and ~30% of those were from insiders. One complex fraud case involving a financial institution reportedly resulted in the loss of $700 million.
5

Recent Cases
Greg Chung – spied for China from Federal charges against Chung consisted of stealing trade secrets about the space shuttle, the Delta IV rocket and the C-17 military cargo jet for the benefit of the Chinese government. Chung’s motive was to “contribute to the Motherland.” He was an engineer who stole hundreds of thousands of documents. He traveled to China under the excuse of giving lectures, while secretly meeting with Chinese government officials and agents. Chung was arrested in February 2008 and in February 2010 he was sentenced to 15 years in prison.
Sergey Aleynikov – a computer programmer, worked for a company on Wall Street from May 2007 until June During his last few days at that company, he downloaded and transferred 32 megabytes of proprietary computer code – a theft that could have cost his employer millions of dollars. He hoped to use the computer code at his new Chicago-based employer. He attempted to hide his activities, but the company discovered irregularities through its routine network monitoring systems. In December 2010, Aleynikov was found guilty of theft of trade secrets and transportation of stolen property in foreign commerce.
6

History of Insider Threat Espionage and spying are amongst the oldest political and military trades. There are references to spies in ancient Greek history and ancient Egyptian spies were among the first to develop methods of carrying out acts of internal sabotage. 7

Case 1: Can you guess who this is?
Position: He was an insider
Motive: Money; Prestige/power
How was the threat implemented? He had a plan (Obfuscation, Gesture, Diversion). He had expert knowledge.
What was the cost? The cost was significant. The punishment was severe.
Can you guess who?
8

Case 2: Can you guess who this is?
Position: He was an insider.
Motives: His pride was damaged (disgruntled, revenge). He needed money. He had prior problems with the law.
How was the threat implemented? He defected with all the knowledge he had gained as an insider and made a plan. He passed a message as a note. He had expert knowledge.
The cost was significant due to loss of trust. The punishment was severe.
Can you guess who this is?
9

Case 3: Can you guess who this is?
Position: He was an insider
Motives: He wanted prestige/power. He wanted money.
How was the threat implemented? He had unlimited access to all past insider attacks and investigations of his organization. No due diligence by organization. He had expert knowledge.
Cost to organization and the United States was priceless due to the type of secrets that were released and the number of lives lost. Punishment was severe.
Can you guess who this is?
10

Case 4: Can you guess who this is?
Position: Insider
Motive: He was a disgruntled employee. He wanted power. He had prior problems with the law.
How was the threat implemented? He developed a plan. He had unlimited access. He had expert knowledge.
What was the cost? Significantly high. Reputation of organization was severely damaged.
Can you guess who this is?
How could this threat have been prevented?
11

What kind of Insider Threat profile do these four cases create?
Expert Knowledge | Disgruntled Employee | Wanted Power / Prestige | History of Bad Behavior | Needed Money | Had a Plan
Case 1 Ancient, Judas: Yes No?Yes
Case 2 Colonial, Benedict Arnold: Yes
Case 3 The eighties, Robert Hanssen: Yes
Case 4 ??: Yes ?
12

Why are we concerned?
Theft of intellectual property is an increasing threat to organizations, and can go unnoticed for months or even years.
There are increased incidents of employees taking proprietary information when they believe they will be, or are, searching for a new job.
13

Organizational Factors
Employees are not trained on how to properly protect sensitive information
Sensitive information not labeled properly
The ease with which someone may exit the facility with sensitive information
The perception that security is lax and the consequences for theft are minimal or non-existent
14

Personal Motives
Greed or Financial Need
  A belief that money can fix anything. Excessive debt or overwhelming expenses
Anger/Revenge
  Disgruntlement to the point of wanting to retaliate against the organization
Problems at work
  Lack of recognition, disagreements with co-workers or managers, dissatisfaction with the job, a pending layoff
Divided Loyalty
  Allegiance to another person, company, or to a country besides the United States
Vulnerability to blackmail
  Extra-marital affairs, gambling, fraud
Ego/Self-Image
  An “above the rules” attitude, or desire to repair wounds to their self-esteem.
Ingratiation
  Desire to please or win the approval of someone who could benefit from insider information.
15

Behavioral Indicators
Without need or authorization, takes sensitive information or other materials home (Documents, thumb drives, computer disks, or )
Inappropriately seeks or obtains sensitive information on subjects not related to their work duties
Interest in matters outside the scope of their duties, particularly those of interest to foreign entities or business competitors
Unnecessarily copies material, especially sensitive information
Remotely accesses the computer network while on vacation, sick leave, or at other odd times
Disregard of company computer policies
Working odd hours without authorization; notable enthusiasm for overtime work, weekend work, or unusual schedules
Unreported foreign contacts (particularly with foreign government officials or intelligence officials) or unreported overseas travel.
16

Behavioral Indicators Cont.
Frequent unexplained foreign travel
Unexplained affluence
  Buying things they cannot afford on their household income
Engaging in suspicious personal contacts
  Such as with competitors, business partners or other unauthorized individuals
Overwhelmed by life crises or career disappointments
Shows unusual interest in the personal lives of co-workers
  Asking inappropriate questions regarding finances or relationships
Concern that they are being investigated
  Leaving traps to detect searches of their work area or home
Many people experience or exhibit some or all of the traits in the past few slides; however, most people will not cross the line and commit a crime
17

Commonalities of those who have committed espionage since 1950:
More than 1/3 of those who committed espionage had no security clearance
Twice as many “insiders” volunteered as were recruited
1/3 of those who committed espionage were naturalized U.S. citizens
Most recent spies acted alone
Nearly 85% passed information before being caught
Out of the 11 most recent cases, 90% used computers while conducting espionage and 2/3 used the Internet to initiate contact.
18

Reportable Behaviors
The following actions should be reported to security immediately:
Keeping classified materials in an unauthorized location
Attempting to access sensitive information without authorization
Obtaining access to sensitive information inconsistent with present job requirements
Using an unclassified medium to transmit classified materials
Discussing classified materials on a non-secure telephone
Removing classification markings from documents
Attempting to conceal foreign travel
19