Presentation is loading. Please wait.

Presentation is loading. Please wait.

Insider Threats Stephen Helms Jen Hugg Matt McNealy.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Insider Threats Stephen Helms Jen Hugg Matt McNealy."— Presentation transcript:

1 Insider Threats Stephen Helms Jen Hugg Matt McNealy

2 “The Insider”  A trusted member of the organization  60% to 70% of attacks came from the insider   roughly twice the number of attacks come from the inside vs. the outside

3 Examples  Acxiom Corp  ChoicePoint  Wachovia Corp. and Bank of America  City of San Francisco

4 Insider Threat Study  Secret Service National Threat Assessment Center (NTAC)  Carnegie Mellon University Computer Emergency Response Team (CERT)  Nature of Insider Attacks  Usual Suspects  Motivations

5 ITS Findings  Former employees who held technical positions  Motivated by revenge  Unsophisticated methods  Attacks occurred outside of normal working hours  Remote Access

6 ITS Recommendations  Restrict remote access  Restrict system administrator access  Collect information for all remote logins  Monitor failed remote logins

7 Role of the Auditor   Educated and Aware Employees   Password sharing   Entrance Barriers   Sensitive information   Employee Attitude

8 Securing Against Insider Attacks  Software  Testing  Attack Simulations  Training

Download ppt "Insider Threats Stephen Helms Jen Hugg Matt McNealy."

Similar presentations

Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference.

Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference.
© 2008 Carnegie Mellon University Preventing Insider Threats: Avoiding the Nightmare Scenario of a Good Employee Gone Bad Dawn Cappelli October 31, 2008.

© 2008 Carnegie Mellon University Preventing Insider Threats: Avoiding the Nightmare Scenario of a Good Employee Gone Bad Dawn Cappelli October 31, 2008.
© 2007-2011 Carnegie Mellon University The CERT Insider Threat Center.

© Carnegie Mellon University The CERT Insider Threat Center.
Overview of Joe B. Taylor CS 591 Fall 2008. Introduction  Thriving defense manufacturing firm  System administrator angered  His role diminished with.

Overview of Joe B. Taylor CS 591 Fall Introduction  Thriving defense manufacturing firm  System administrator angered  His role diminished with.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
Handling Security Incidents

Handling Security Incidents
1 July 08, 2010 Information Security Officer Meeting.

1 July 08, 2010 Information Security Officer Meeting.
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.

1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.
Engineering Secure Software. Lottery Story A Threat We Can’t Ignore  Documented incidents are prevalent Carnegie Melon’s SEI has studied over 700 cybercrimes.

Engineering Secure Software. Lottery Story A Threat We Can’t Ignore  Documented incidents are prevalent Carnegie Melon’s SEI has studied over 700 cybercrimes.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Network security policy: best practices

Network security policy: best practices
The Top Ten of Security. Ten best practices for securing your network. Ten best security web sites. Eight certifications.

The Top Ten of Security. Ten best practices for securing your network. Ten best security web sites. Eight certifications.
Introduction to Network Defense

Introduction to Network Defense
Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.

Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.
 Cloud Computing means storing and accessing data and programs over the Internet instead of your computer’s hard drive.  Your software applications.

 Cloud Computing means storing and accessing data and programs over the Internet instead of your computer’s hard drive.  Your software applications.
Information Security Issues at Casinos and eGaming

Information Security Issues at Casinos and eGaming

Similar presentations

Ads by Google