A Field Guide to Insider Threat Helps Manage the Risk


1 A Field Guide to Insider Threat Helps Manage the Risk
HUM-T10R
Tim Casey, Senior Strategic Risk Analyst, Intel Corp.

2 How do you think of insider threat?

3 The problem is becoming more complex
Logos and trademarks are the property of their respective owners

4 The Field Guide to Insider Threat
Threat agents: Reckless Insider, Untrained/Distracted Insider, Outward Sympathizer, Vendor, Partner, Irrational Individual, Thief, Disgruntled Insider, Activist, Terrorist, Organized Crime, Competitor, Nation State
Attack types: Accidental leak, Espionage, Financial fraud, Misuse, Opportunistic data theft, Physical theft, Product alteration, Sabotage, Violence

5 Characterizing Insider Threat

6 Definitions
Insider Threat is the potential for a current or former employee, contractor, or business partner to accidentally or maliciously misuse their trusted access to harm the organization’s employees and customers, assets, or reputation.
A Threat Agent is a representative class of people who can harm an organization, intentionally or accidentally, and who are identified by their unique characteristics and behaviors.

7 Insider Threat Agents
Non-Hostile: Reckless Insider, Outward Sympathizer, Untrained/Distracted Insider
Hostile/Non-Hostile: Partner, Supplier
Hostile: Activist, Competitor, Disgruntled Insider, Irrational Individual, Nation State, Organized Crime, Terrorist, Thief
New!

8 Attack Types
Accidental leak, Espionage, Financial fraud, Misuse, Opportunistic data theft, Physical theft, Product alteration, Sabotage, Violence

9 Attack Types
Accidental leak, Espionage, Financial fraud, Misuse, Opportunistic data theft, Physical theft, Product alteration, Sabotage, Violence
Callouts: Ooops; IP & Data Loss; Ongoing, targeted IP extraction; Exiting employees

10 Threat-Consequence Vector Matrix
Columns (Intent →): Non-Hostile, Non-Hostile/Hostile, Hostile
Threat agents: Reckless Insider, Untrained/Distracted Insider, Outward Sympathizer, Vendor, Partner, Irrational Individual, Thief, Disgruntled Insider, Activist, Terrorist, Organized Crime, Competitor, Nation State
Rows (Attack Type ↓): Accidental leak, Espionage, Financial fraud, Misuse, Opportunistic data theft, Physical theft, Product alteration, Sabotage, Violence
Analysis by Intel’s Threat Agent Analysis Group

11 Applying the Field Guide

12 Demonstrate the scope of the problem
[Threat-Consequence Vector Matrix: threat agents grouped by intent (columns) against attack types (rows)]
60 separate Insider Threat vectors – Are you prepared for all of them?

13 Prioritizing Protection to Optimize Resources
Food Manufacturer (example)
Attack types: Accidental leak, Espionage, Financial fraud, Misuse, Opportunistic data theft, Physical theft, Product alteration, Sabotage, Violence
[Threat-Consequence Vector Matrix: threat agents grouped by intent (columns) against attack types (rows)]

14 Prioritizing Protection to Optimize Resources
Food Manufacturer (example)
Attack types: Accidental leak, Espionage, Financial fraud, Misuse, Opportunistic data theft, Physical theft, Violence
[Threat-Consequence Vector Matrix: threat agents grouped by intent (columns) against attack types (rows)]
Product alteration, Sabotage

15 Minimize the Threat
Untrained/Distracted Insider, Irrational Individual
[Threat-Consequence Vector Matrix: threat agents grouped by intent (columns) against attack types (rows)]

16 Provide context for your data
Example incidents:
- $15M in lawsuits
- Lost market lead in key product
- 2-day factory downtime
- 3% annual shrinkage
[Threat-Consequence Vector Matrix: threat agents grouped by intent (columns) against attack types (rows)]

17 Customize for your threat landscape
The model is open-ended and you can extend & tailor it to your environment

18 How the Guide Can Help You
Having a Field Guide helps you manage risk by:
- Establishing a common framework and language for managing insider threat throughout the organization and community
- Prioritizing threats and optimizing the use of limited resources
- Identifying threats for mitigation
- Providing a framework to describe and manage your unique threat landscape

19 Applying the Field Guide in Your Organization
Short term
- Share the Guide with key stakeholders to inform them of the problem scope and enlist them in your team
- Assess your particular threats and controls against the Field Guide to ensure you are managing your most dangerous insider risks
Medium term
- Modify the model to reflect your situation and priorities
Long term
- Use the Guide to regularly re-assess your overall insider threat landscape

20 Resources
- Intel Field Guide to Insider Threat:
- Intel Threat Agent Analysis:
- Improving Healthcare Risk Assessments to Maximize Security Budgets (how to tailor the model for your environment):
- CERT Insider Threat Center:
We actively engage with fellow travelers utilizing Threat Agent Analysis related to:
- Threat Assessments
- Supplier Management and Supply Chain Risk
- Tools and Visualization

21 Questions?

