
Insider Threat


Common Sense Guide to Prevention and Detection of Insider Threats - CERT (29 pages)
This report is written for a diverse audience, outlining practices that should be implemented by organizations to prevent insider threats. Each practice is described briefly in terms of why it should be implemented and one or more case studies illustrate what could happen if it is not implemented, and how the practice could have prevented an attack or facilitated early detection.

Insider Risk Management Guide - Gideon T. Rasmussen
The threat posed by authorized personnel is well documented by research and court cases. According to ACFE, U.S. organizations lose an estimated $652 billion to fraud annually. Unfortunately, insider threat is not limited to fraud. There is also sabotage, negligence, human error and exploitation by outsiders to consider. If you have not taken a hard look at insider threat controls in your organization, now is the time.

DoD Insider Threat Mitigation (67 pages)
This report provides an explicit set of recommendations for action to mitigate the insider threat to DoD information systems. The report results from the actions of an Insider Threat Integrated Process Team (IPT). The Team's charter was "to foster the effective development of interdependent technical and procedural safeguards" to reduce malicious behavior by insiders.

ISACA Segregation of Duties Matrix
The segregation of duties control matrix is not an industry standard, but a guideline indicating which positions should be separated and which require compensating controls when combined. The matrix is illustrative of potential segregation of duties issues and should not be viewed or used as an absolute, rather it should be used to help identify potential conflicts so proper questions may be asked to identify compensating controls.

The Insider Threat to U.S. Government Information Systems - NSTISSC (46 pages)
This NSTISSAM focuses on the insider and the potential damage that such an individual could cause when targeting today's IS. It points out the various weaknesses (vulnerabilities) in today's IS an insider might exploit and highlights approaches to solving these problems. In taking corrective action, it is necessary to consider technical and procedural steps in deterring the insider. Finally, we propose, in priority order, recommendations that mitigate the threat posed by the insider. Our approach is not to provide an exhaustive list, but rather to offer recommendations that could have the greatest immediate return against this serious threat.

Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors - CERT & U.S. Secret Service (45 pages)
Research for this report found that the majority of the insiders who committed acts of sabotage were former employees who had held technical positions with the targeted organizations. As a result of their involvement in the incidents reviewed for this study, almost all of the insiders were charged with criminal offenses. The majority of these charges were based on violations of federal law.

Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector - CERT & U.S. Secret Service (25 pages)
This report reviewed 23 incidents of insider threat in the banking and finance sector. It examines insider incidents across critical infrastructure sectors in which the insider's primary goal was to sabotage some aspect of the organization (for example, business operations, information/data files, system/network, and/or reputation) or direct specific harm toward an individual.

Preliminary System Dynamics Maps of the Insider Cyber-threat Problem - CERT (36 pages)
This paper discusses the preliminary system dynamic maps of the insider cyber-threat.

Trustworthy Refinement Through Intrusion-Aware Design (TRIAD) - CERT (97 pages)
This report proposes an intrusion-aware design model called trustworthy refinement through intrusion-aware design (TRIAD). TRIAD helps information system decision-makers formulate and maintain a coherent, justifiable, and affordable survivability strategy that addresses mission-compromising threats for their organization. The goals of a survivability strategy are to provide a documented response to the primary threats to the mission; to provide a justification for and the limitations of the system design; to support the design and implementation of the desired system behavior across multiple systems and multiple development teams; and to support maintenance and evolution as the system operations and threat environment evolve over time.

Research on Mitigating the Insider Threat to Information Systems - Rand (126 pages)
This report details R&D initiatives to mitigate and thwart the insider threat to critical U.S. defense and infrastructure information systems. The three main focus areas were long-term (2-5 year) research challenges and goals toward mitigating the insider threat; developing insider threat models; and developing near-term solutions using commercial off-the-shelf (COTS) and government off-the-shelf (GOTS) products. The long-term research recommendations stressed the need to develop an underlying system architecture designed explicitly with security and survivability in mind (unlike essentially all operating systems and network architectures in use today). Other topics included R&D needed on differential access controls, means of recording and saving the provenance of a digital document, and dealing with the increasing use of mobile code (e.g., in the form of applets, viruses, worms, or macros) in complex information systems. The report also contains a number of recommendations regarding the purposes and design of models of insider behavior, and near-term recommendations for helping to prevent, discover, and mitigate the threat of insider misuse of information systems.

Understanding the Insider Threat - Rand (137 pages)
The format of this document included four groups: (1) Intelligence Community (IC) System Models, (2) Vulnerabilities and Exploits, (3) Attacker Models and (4) Event Characterization. It brought together members of the IC with specific knowledge of IC document management systems and IC business practices; persons with knowledge of insider attackers, both within and outside the IC; and researchers involved in developing technology to counter insider threats.

A Target-Centric Formal Model For Insider Threat and More - University at Buffalo (17 pages)
In this paper, we propose a target-centric modeling methodology motivated by the fact that insiders typically pursue lucrative targets to cause damage or gain leverage. It is based on a higher level description of an organization's infrastructure and less detail-intensive as compared to the attack graph model.

Analysis and Detection of Malicious Insiders - MITRE (6 pages)
This paper summarizes a collaborative, six month ARDA NRRC challenge workshop to characterize and create analysis methods to counter sophisticated malicious insiders in the United States Intelligence Community. Based upon a careful study of past and projected cases, we report a generic model of malicious insider behaviors, distinguishing motives, (cyber and physical) actions, and associated observables.

Insider Threat Group - Yahoo Groups
The insider threat group provides a forum to discuss resources and techniques to mitigate the threat posed by authorized personnel. Those interested in learning more about insider threat will benefit from the exchange of tips and the opportunity to ask questions. The group is moderated to keep on topic.

Copyright © 2003 - 2008 - USSecurityAwareness.org - All rights reserved - Legal Notices