1 Insider Threats Spring 2002 Team 1 M. Broderick, R. Diaz, J. Gerrits, S. Konstantinou.


2 Insider Threats Agenda
- The Problem
- Scope
- Causes
- Effects
- Detection
- Responsibility
- Prevention

3 Insider Threats The Problem
While companies try to defend themselves by erecting electronic defenses, including firewalls, passwords, and sophisticated biometric controls, to complement physical protection such as guards, locks, cameras and fences, the largest threat to a company in the area of computer information and systems is from within the organization….

4 Insider Threats Scope
- CSI/FBI Surveys
  - Financial Losses due to (all) Security Breaches were reported by between 51-75% of respondents from
  - Losses of $377M reported by 196 respondents (about 37% of those surveyed)
  - 50% of network attacks originate within enterprise
  - Avg cost of insider Breach is ~100x internet break-in! ($2.4M vs $27k)
Source: Harry Krimkowitz, “Mitigating Risks to the Insider Threat within Your Organization”, SANS Institute, Information Security Reading Room. October 24,

5 Insider Threats Examples
- Stealing Information: FBI Special Agent Robert Hanssen is arrested for providing secret documents to the Soviet Union and Russia in return for payments over $600,000
- Employee System Misuse
  - E-mail is used to pass discriminatory or sexually harassing messages
  - Employees use e-mail to organize into union activities
  - Employees use company time to surf the internet, shop, listen to music, copy software without proper licensing…
- Intellectual Property Violations
  - Copying and downloading programs without paying fees
  - Assumption that everything on the internet is “free”

6 Insider Threats Examples
- Privacy Issues
  - Unauthorized review or disclosure of internal information
- Sabotage
  - Untested programs
  - Intentionally leaving “backdoors”
  - Rigging calculations
  - Carelessness
  - Leaving machines unattended so others can log on
  - Entering incorrect or incomplete information

7 Insider Threats Type
- Voluntary
  - Using unauthorized software
- Involuntary
  - Inappropriate inquiries or data are attached to or hidden in e-mail (Virus, Trojan Horse, etc.)
- Willful
  - Setting time bombs in applications
- Accidental
  - E-mailing to an incorrect recipient or “the world”

8 Insider Threats Motivation – 1
- Risk/Reward
  - Will I get caught?
  - What’s the risk worth?
  - What are the odds?
- Internal (Organizational) Pressures
  - “Performance Targets must be met to ensure continued employment” and the mortgage is $5000/month
  - Everyone else is doing it…
  - If you don’t, I’ll find someone who will…
- Revenge
  - I’ll show them…
  - They can’t manage without me
  - I’ll get you…

9 Insider Threats Motivation - 2
- External (Extramural) Pressures
  - Keeping up with the “Jones”
  - Family and personal needs
  - Fix an external problem: environment, political action, etc.
- Ignorance
  - It can’t be that complicated…
  - Have to answer the phone now…I’ll get back to the PC soon
  - “Can you let me in – you know me… I forgot my key, just this once..”

10 Insider Threats Motivation - 3
- Just Because…
  - I bet I can
  - They’ll never find this …
  - It’s no big deal
  - This can’t be wrong…
  - Permission? Why?
- Other Reasons…

11 Insider Threats Effects
- Internal
  - Financial Losses
  - Loss of Trust
  - Safety Issues
- External
  - Company Reputation
  - Access to Credit
  - Fiduciary Issues
  - Legal Complications

12 Insider Threats Why?
- Do people hold contradictory views about the morality of society and business?
- How does this affect insider risks?

13 Insider Threats Why?
- Why are the statistics of reported unethical behavior so high?
- Are they high enough? (Probably not!)

14 Insider Threats Can I?
- Most of us will have to make the “right” decision at some point during our professional careers.
- Can we define clearly, consistently and unambiguously what is right?

15 Insider Threats What If...?
- But what if everyone else disagrees with you?
- No one likes whistleblowers!
- Right?

16 Insider Threats What If...?
- What if … you are someone else’s tradeoff?
  - Your job
  - Your lifestyle
  - Your professional reputation
  - Your finances
  - Your family
  - …

17 Insider Threats Who?
- You!
- What can you do to contribute to a business environment that supports ethical behavior?

18 Insider Threats Why?
- But what if everyone else disagrees?
- No one likes whistleblowers!

19 Insider Threats Responsibility
- Perpetrator
- Management
- Risk Management
- Information Technology
- Enforcement Authority
  - Internal Security Force
  - External Police

20 Insider Threats Detection
- Accidental
  - Why did I get this result?
  - Who sent this?
  - Where did this originate?
- Intentional
  - Eye Witness
  - Monitoring
- Disclosure
  - Whistleblower
  - Self Reporting
- No Detection
  - It just stops….

21 Insider Threats Prevention
- Employee Screening and Background Checks
- Establish Rules in Advance
- Code of Ethics
- Employee Training
- Build Trust
- “Healthy Environment” – Self-Respect
- Management by Example
- Shared Values
- Monitor – Trust but Verify

22 Insider Threats Enforcement
- Disincentives for Breaking the Rules
- Remove Penalties for Whistle-blowing
- Get the Facts!
- Act Quickly
- Legal Implications
  - Employee
  - Management
  - Customer

23 Insider Threats Summary
- Very Large Problem
- No Simple Solution

24 Insider Threats Summary
- Minimize the Problem Areas by
  - Pre-Screening
  - Education
  - Predictability
  - Control
- Healthy Environment
  - Shared Values
  - Self-Esteem
  - Integrity

25 Insider Threats Sources
- CSI/FBI Survey fbi%20survey%20for%20executives_files/frame.htm
- CSI/FBI Survey
- Arrest of Robert Hanssen, cached by Google.com
- “I Know What You E-Mailed Last Summer”, John B. Lewis, Security Management, Jan 2002, pp
- “Whose Rules?” by Eileen Conklin, Information Week, Mar 11,