© 2007-2011 Carnegie Mellon University The CERT Insider Threat Center.

Presentation transcript:

© Carnegie Mellon University The CERT Insider Threat Center

2 Notices © Carnegie Mellon University This material is distributed by the SEI only to course attendees for their own individual study. Except for the U.S. government purposes described below, this material SHALL NOT be reproduced or used in any other manner without requesting formal permission from the Software Engineering Institute at This material was created in the performance of Federal Government Contract Number FA C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The U.S. Government's rights to use, modify, reproduce, release, perform, display, or disclose this material are restricted by the Rights in Technical Data-Noncommercial Items clauses (DFAR and DFAR Alternate I) contained in the above identified contract. Any reproduction of this material or portions thereof marked with this legend must also reproduce the disclaimers contained on this slide. Although the rights granted by contract do not require course attendance to use this material for U.S. Government purposes, the SEI recommends attendance to ensure proper understanding. THE MATERIAL IS PROVIDED ON AN “AS IS” BASIS, AND CARNEGIE MELLON DISCLAIMS ANY AND ALL WARRANTIES, IMPLIED OR OTHERWISE (INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, RESULTS OBTAINED FROM USE OF THE MATERIAL, MERCHANTABILITY, AND/OR NON-INFRINGEMENT).

3 What is CERT?
- Center of Internet security expertise
- Established in 1988 by the US Department of Defense on the heels of the Morris worm that created havoc on the ARPANET, the precursor to what is the Internet today
- Part of the Software Engineering Institute (SEI)
- Federally Funded Research & Development Center (FFRDC)
- Operated by Carnegie Mellon University (Pittsburgh, Pennsylvania)

4 Who is a Malicious Insider?
Current or former employee, contractor, or other business partner who
- has or had authorized access to an organization’s network, system or data and
- intentionally exceeded or misused that access in a manner that
- negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems.

5 CERT Insider Threat Center – Mission
Assist organizations in identifying indications and warnings of insider threat by
- performing vulnerability assessments
- assisting in the design and implementation of policies, practices, and technical solutions
based on our ongoing research of hundreds of actual cases of insider IT sabotage, theft of intellectual property, fraud, and espionage

CyberSecurity Watch Survey -1
CSO Magazine, USSS, CERT & Deloitte
- 607 respondents
- 38% of organizations have more than 5000 employees
- 37% of organizations have less than 500 employees
[Chart: Percentage of Participants Who Experienced an Insider Incident]
Source: 2011 CyberSecurity Watch Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, January 2011.

CyberSecurity Watch Survey
% of respondents: Damage caused by insider attacks more damaging than outsider attacks
Most common insider e-crime
- Unauthorized access to / use of corporate information (63%)
- Unintentional exposure of private or sensitive data (57%)
- Virus, worms, or other malicious code (37%)
- Theft of intellectual property (32%)
Source: 2011 CyberSecurity Watch Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, January 2011.

8 CERT’s Insider Threat Case Database

9 CERT’s Case Collection Approach
- Ongoing collection: Cases from 1996 – present that occurred in the U.S. are coded in the CERT database
- Sources: Court documents, interviews, media, investigators’ notes
- Big picture approach: Examine technical, psychological, and organizational aspects of the problem
- Objective: Analyze actual cases to develop information for prevention & early detection

10 Current Body of Work Incident Response Forensic Investigations (internal & external attacks) Controls Open source solutions Optimized configurations for commercial technology Risk scoring algorithms New functional requirements Standards Cases Models Assessments Lit Reviews Research Insider threat risk management process Workshops Senior Executive Workshops Demos VTE Modules Exercises

11 Points of Contact Insider Threat Technical Solutions Lead Joji Montelibano CERT Program Software Engineering Institute Carnegie Mellon University 4500 Fifth Avenue Pittsburgh, PA – Phone