Presentation is loading. Please wait.

Presentation is loading. Please wait.

By: Taysha Johnson. What is an insider threat? 1.A current or former employee, contractor, or other business partner who has or had authorized access.

Published byGwenda Barnett Modified over 7 years ago

Similar presentations

Presentation on theme: "By: Taysha Johnson. What is an insider threat? 1.A current or former employee, contractor, or other business partner who has or had authorized access."— Presentation transcript:

1 By: Taysha Johnson

2 What is an insider threat? 1.A current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system or data 2.Intentionally exceeding or misusing that access in a manner that negatively affected the confidentiality integrity or availability of the organizations information or information systems

3 Why is this a problem? Most difficult to deal with because insiders have information and capabilities that “external attackers” may not be able to obtain. Most serious security problem within organizations

4 The dangers of employees Employee Sabatoge : Destroying hardware, software, or data. Plant time bomb or logic bomb on computer Employee Hacking: Intentionally accessing a computer resource without authorization or in excess of authorization

5 Types of attatcks Computer and internet abuse Extortion Financial theft Property theft Data loss Trade Secrets

6 Computer and internet insider threats Unauthorized access to confidential or non personal information Activities that violate a company's policies about their IT use Downloading pornography Downloading pirated music, video or software Surfing the internet for personal purposes on companys time

7 Employee extortion Employee using ability to damage systems or access confidential information to extort the company

8 What is employee extortion? The perpetrator tries to acquire money or other goods by threatening to take actions that would be against the victims interest Example : Employee steal information from a company’s computer and request money to not leak it out to other competitors.

9 Financial theft 2 different types 1. Finacnial theft Involves misuse of assets or theft of money 2. Intellectual property theft Information owned by company Protected by law Trade secrets, Copyrights, Patents, Trade Names and Trademarks

10 Data loss Getting rid of computers with hard drives not removed Loss of wireless technology Loss of optical disks Loss of USB RAM drives

11 Trade secret Pieces of delicate information that a company acts to keep secret For example: blueprints, strategies, product formulations business processes, price lists, customer lists, and any other type of information that the company wants to keep top secret from competitors

12 PREVENTING ATTACKS…

13 Why your own employees can be threatening All employees are potential threats because of their knowledge. Employees know the systems in and out meaning they can access any information. They have the authorizations to get into the sensitive areas of a system Employees are not suspicious because most companies tend to trust their employees so they are able to avoid detection

14 Why might you want to learn how to prevent insider threats? TO AVOID…… Loss or compromise of classified information (Secret Service) Weapons system cloned, destroyed or countered ( US military) Loss of technological advantage (NASSA) Financial loss (Large Franchise Bank) LOSS OF LIFE

15 Preventing employee insider threat Introduce strict rules on authorization for passwords and codes to log into secure or private systems Focus on three main areas: Hiring Supervising Firing Practice in these areas will lessen the severity of insider threats! If they are all done to perfection.

16 How to prevent insider threats as an employee Reporting suspicious behavior that may have been related to a classified topic Be aware of the actions around you

17 How to prevent insider threats as management Inform employees that they are the first line of defense against insider threats. Delegate specific job responsibilities and data access rights Present firm policies to manage accounts and passwords Monitor and collect employee activity logs in real time

18 Suspicious Behaviors Keeping classified materials in an unauthorized location Discussing classified materials on a non secure phone

19 Suspicious behavior cont. Repeated or un-required work outside of normal duty hours Sudden change of financial situation or sudden repayment of large debts or loans Trying to conceal travel outside of country

20 U.S. CASES http://www.youtube.com/watch?v=xunUbYo7 qbw

21 Cases involving insiders…. Michael Mitchell Was fired from his job due to poor performance, however he concealed numerous computer files with his employers trade secrets than entered into a consulting agreement with a Korean firm and gave them the stolen trade secrets. He was sentenced to 18 months in prison and was ordered to pay his former employer over $187,000

22 Cases involving insiders… Chi Mak Sent to the US in 1978 by China to obtain employment in the defense industry with the goal of stealing US defense secrets which he did for over 20 ye ars. Mak was convicted of conspiracy, falling to register as an agent of a foreign government and many others. He was sentenced to 24 years in prison.

23 Works cited www.dss.mil www.fbi.gov www.youtube.com www.securelist.com

24 THE END !!!! =)

Download ppt "By: Taysha Johnson. What is an insider threat? 1.A current or former employee, contractor, or other business partner who has or had authorized access."

Similar presentations

Northside I.S.D. Acceptable Use Policy 2009-2010.

Northside I.S.D. Acceptable Use Policy
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
There are different threats and impacts that affect an organisation. Threats are things that the organisation will get attacked by so for example viruses.

There are different threats and impacts that affect an organisation. Threats are things that the organisation will get attacked by so for example viruses.
© 2008 Carnegie Mellon University Preventing Insider Threats: Avoiding the Nightmare Scenario of a Good Employee Gone Bad Dawn Cappelli October 31, 2008.

© 2008 Carnegie Mellon University Preventing Insider Threats: Avoiding the Nightmare Scenario of a Good Employee Gone Bad Dawn Cappelli October 31, 2008.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727.

THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727.
Overview of Joe B. Taylor CS 591 Fall 2008. Introduction  Thriving defense manufacturing firm  System administrator angered  His role diminished with.

Overview of Joe B. Taylor CS 591 Fall Introduction  Thriving defense manufacturing firm  System administrator angered  His role diminished with.
DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.

DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing Email that bites Paying for Privacy Pirates.

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.
GROUP 7 RAHUL JIMMY RONEY GEORGE SHABNAM EKKA SHEETHAL JOSEPH Cyber Laws in India- IT Act, 2000; 2004.

GROUP 7 RAHUL JIMMY RONEY GEORGE SHABNAM EKKA SHEETHAL JOSEPH Cyber Laws in India- IT Act, 2000; 2004.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 LO1 Describe information technologies that could be used in computer.

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 LO1 Describe information technologies that could be used in computer.
General Purpose Packages

General Purpose Packages
INTELLECTUAL PROPERTY TRADE SECRETS COPYRIGHTS PATENTS.

INTELLECTUAL PROPERTY TRADE SECRETS COPYRIGHTS PATENTS.
Joseph Kummer Terri Berry Brad White.  1. Specific instances of employee hacking and the consequences which resulted therefrom.  2. How employees utilize.

Joseph Kummer Terri Berry Brad White.  1. Specific instances of employee hacking and the consequences which resulted therefrom.  2. How employees utilize.
ISNE101 Dr. Ken Cosh. Review  Dependability  Reliability  How do we improve it?  Security  Threats & Countering the Threats.

ISNE101 Dr. Ken Cosh. Review  Dependability  Reliability  How do we improve it?  Security  Threats & Countering the Threats.
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Similar presentations

Ads by Google