Insider Threats
Stephen Helms, Jen Hugg, Matt McNealy

“The Insider”
- A trusted member of the organization
- 60% to 70% of attacks came from the insider
- Roughly twice the number of attacks come from the inside vs. the outside

Examples
- Acxiom Corp
- ChoicePoint
- Wachovia Corp. and Bank of America
- City of San Francisco

Insider Threat Study
- Secret Service National Threat Assessment Center (NTAC)
- Carnegie Mellon University Computer Emergency Response Team (CERT)
- Nature of Insider Attacks
- Usual Suspects
- Motivations

ITS Findings
- Former employees who held technical positions
- Motivated by revenge
- Unsophisticated methods
- Attacks occurred outside of normal working hours
- Remote Access

ITS Recommendations
- Restrict remote access
- Restrict system administrator access
- Collect information for all remote logins
- Monitor failed remote logins
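
An added example (not part of the presentation) of how the last two recommendations can be applied to the study's findings: it records every remote login from SSH-style log lines and flags repeated failures, logins outside working hours, and logins by former-employee accounts. The log lines, their ISO timestamp format, the 07:00 to 19:00 working window, the failure threshold of 3 and the account name `jdoe` are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, time

# Constructed sample lines in sshd style with ISO timestamps (assumed format).
SAMPLE_LOG = """\
2024-03-04T10:15:02 sshd[811]: Accepted password for alice from 203.0.113.7 port 50122 ssh2
2024-03-04T23:41:10 sshd[902]: Failed password for jdoe from 198.51.100.23 port 41822 ssh2
2024-03-04T23:41:19 sshd[902]: Failed password for jdoe from 198.51.100.23 port 41822 ssh2
2024-03-04T23:41:30 sshd[902]: Failed password for jdoe from 198.51.100.23 port 41822 ssh2
2024-03-05T02:07:44 sshd[955]: Accepted password for bob from 203.0.113.50 port 39900 ssh2
2024-03-05T02:30:00 sshd[960]: Accepted publickey for jdoe from 198.51.100.23 port 41900 ssh2
"""

LINE = re.compile(r"^(\S+) sshd\[\d+\]: (Accepted|Failed) \S+ for "
                  r"(?:invalid user )?(\S+) from (\S+)")

def review_remote_logins(log_text, former_accounts, work_start=time(7),
                         work_end=time(19), fail_threshold=3):
    """Return (events, alerts): every remote login seen, and the suspicious ones."""
    events, alerts, failures = [], [], Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.fromisoformat(m.group(1))
        outcome, user, src = m.group(2), m.group(3), m.group(4)
        events.append((when, outcome, user, src))  # record of all remote logins
        if outcome == "Failed":
            failures[(user, src)] += 1
            if failures[(user, src)] == fail_threshold:  # alert once per user/source
                alerts.append((when, user, src, "repeated failed remote logins"))
            continue
        if user in former_accounts:
            alerts.append((when, user, src, "remote login by former employee account"))
        elif not (work_start <= when.time() < work_end):
            alerts.append((when, user, src, "remote login outside working hours"))
    return events, alerts

if __name__ == "__main__":
    events, alerts = review_remote_logins(SAMPLE_LOG, former_accounts={"jdoe"})
    print(f"{len(events)} remote login events recorded")
    for when, user, src, reason in alerts:
        print(when.isoformat(), user, src, reason)
```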

Role of the Auditor
- Educated and Aware Employees
- Password sharing
- Entrance Barriers
- Sensitive information
- Employee Attitude

Securing Against Insider Attacks
- Software
- Testing
- Attack Simulations
- Training