Overview of Joe B. Taylor CS 591 Fall 2008. Introduction  Thriving defense manufacturing firm  System administrator angered  His role diminished with.

Slides:

Advertisements

Similar presentations

© 2008 Carnegie Mellon University Preventing Insider Threats: Avoiding the Nightmare Scenario of a Good Employee Gone Bad Dawn Cappelli October 31, 2008.

Advertisements

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

Crime and Security in the Networked Economy Part 4.

© Carnegie Mellon University The CERT Insider Threat Center.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

Overview of Joe B. Taylor CS 591 Fall Introduction  Thriving defense manufacturing firm  System administrator angered  His role diminished with.

Security+ Guide to Network Security Fundamentals

McGraw-Hill © 2008 The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

INFORMATION WARFARE Written by: Larry Druffel Presented by: Frank Dang TCOM 614 Introduction to Telecommunication University of Redlands.

Engineering Secure Software. Lottery Story A Threat We Can’t Ignore  Documented incidents are prevalent Carnegie Melon’s SEI has studied over 700 cybercrimes.

Factors to be taken into account when designing ICT Security Policies

Stephen S. Yau CSE , Fall Security Strategies.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Computer Crime and CyberCrime Why we need Computer Forensics.

Computer Crime and Information Technology Security

BUS1MIS Management Information Systems Semester 1, 2012 Week 7 Lecture 1.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

BUSINESS B1 Information Security.

Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.

WORKPLACE VIOLENCE SEMINAR SEATTLE FEDERAL EXECUTIVE BOARD ASSOCIATES PROGRAM Update 3/9/1999.

Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.

Information Warfare Playgrounds to Battlegrounds.

Information Systems Security Operational Control for Information Security.

OCTAVE-S on TradeSolution Inc.. Introduction Phase 1: Critical Assets and threats Phase 2: Critical IT Components Phase 3: Changes Required in current.

Chapter 9 Enhancing Information/Computer Security.

IT Strategy for Business © Oxford University Press 2008 All rights reserved Chapter 12 IT Security Strategies.

Note1 (Admi1) Overview of administering security.

McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved INFORMATION SECURITY SECTION 4.2.

Scott Charney Cybercrime and Risk Management PwC.

Hurdles in implementation of cyber security in India.

IT Security Policy: Case Study March 2008 Copyright , All Rights Reserved.

Information Warfare Playgrounds to Battlegrounds.

Weaving Security Blankets Make your own bespoke defensive toolkit Presentation by Max Cizauskas For BSides Toronto 2015.

Introduction to Security Dr. John P. Abraham Professor UTPA.

Safe’n’Sec IT security solutions for enterprises of any size.

IT Security CS5493(74293). IT Security Q: Why do you need security? A: To protect assets.

Cyber Crime in China: Current Situation and Countermeasures He Xing Cyber Crime Investigation Division Ministry of Public Security, China.

Managing Information Security Personnel By Christopher Boehm.

Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.

Cyber Security Foundations Part 1. Cyber Security defined:  Protects computer base information and equipment  Deals with confidentiality of data  Protects.

By: Taysha Johnson. What is an insider threat? 1.A current or former employee, contractor, or other business partner who has or had authorized access.

INSIDER THREATS BY: DENZEL GAY COSC 356. ROAD MAP What makes the insider threat important Types of Threats Logic bombs Ways to prevent.

Information Security and Privacy in HRIS

Cyber Insurance Risk Transfer Alternatives

Cybersecurity as a Business Differentiator

Insiders are Today’s Biggest Security Threat

Team 1 – Incident Response

Business Risk Marketing Co-op.

CHAPTER FOUR OVERVIEW SECTION ETHICS

Information Technology Sector

Compliance with hardening standards

INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.

SY0-501 Dumps PDF CompTIA Security+ Certification Exam.

Computer Crime and Security Measures

Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium

INFORMATION SYSTEMS SECURITY and CONTROL

CHAPTER FOUR OVERVIEW SECTION ETHICS

INTRODUCTION For years there have been attacks around the United States for sometimes now, which is unexpected. However; there have not been good restoration.

Airport & Aviation Security

Engineering Secure Software

Mohammad Alauthman Computer Security Mohammad Alauthman

Accounting Information Systems & Computer Fraud

Introduction to Digital Forensics

A Field Guide to Insider Threat Helps Manage the Risk

Presentation transcript:

Overview of Joe B. Taylor CS 591 Fall 2008

Introduction  Thriving defense manufacturing firm  System administrator angered  His role diminished with network he created  Intimidates co-worker, obtains only backup tapes  Terminated for abusive treatment of co-workers  Logic bomb deletes system  $10 Million in damage to the company  80 employees laid off

What is an Insider Attack?  Insider: person with legitimate access  Attack: harm or damage  Common goals  Sabotage  Theft of intellectual property  Fraud

Who are these Insiders?  The typical attacker  32 years old  Male  Former full-time employee  System Administrator

Why do they Attack?  Revenge  Termination  Disputes with employers  Demotions  Dissatisfaction with salary or bonuses  Greed  Most not in financial need  Outsiders persuade and pay for modifying data

When do they Attack?  After a negative work-related event  After displaying concerning behavior at work  After planning the attack  After technical preparation

How do we mitigate the risk?  Awareness  Train employees on the importance of security  Train management on the warning signs  Prevention  Effective implementation of available protection  Deterrence  Feedback to insiders about insider misuse  Publicize presence of capabilities to detect misuse

References  Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers’ Information, Systems, or Networks Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers’ Information, Systems, or Networks  Common Sense Guide to Prevention and Detection of Insider Threats: Version 2.1 Common Sense Guide to Prevention and Detection of Insider Threats: Version 2.1  Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors  The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures  DoD Insider Threat Mitigation DoD Insider Threat Mitigation