DR. SHAWN P. MURRAY, C|CISO, CISSP, CRISC, FITSP-A
The Accidental Insider Threat: Is Your Organization Prepared?
President & Chief Academic Officer, Murray Security Services
Presented for the Pikes Peak Small Business Development Center
December 14, 2018
Insider Threat – EO-13587
The October 2011 Presidential Executive Order 13587, titled “Structural
Reforms to Improve the Security of Classified Networks and the Responsible
Sharing and Safeguarding of Classified Information”, mandates that every
agency and federal government systems integrator implement an insider
threat detection and prevention program by the end of 2013.
This was further reinforced by a presidential memorandum in November 2012 directing
federal agencies to deploy monitoring systems that meet prescribed standards. “One
way to increase the chance of catching a malicious employee is to examine
relevant information regarding suspicious or anomalous behavior of those whose
jobs cause them to access classified information,” a White House spokeswoman
commented. Given this new government-wide mandate, it is paramount that
government agencies take insider threats seriously.
Source: http://www.cataphora.com/markets/government/
Insider Threat
Who is the Malicious Insider Threat?
• Disgruntled employees
➢ Passed over for raise or promotion
➢ Poor work or home environment
• Former disgruntled employees
➢ Fired from the company, holds animosity to company or personnel
• Behavior addictions
➢ Drugs
➢ Gambling
• Collusion – two or more employees acting together
• Social engineers
➢ Use tactics to gain access to resources they don’t have access to or
need. Can steal other users’ credentials…
Insider Threat
Objectives of the Malicious Insider Threat:
• Target individuals that they perceived did them wrong
• Introduction of viruses, worms, trojans or other malware
• Theft of information or corporate secrets
• Theft of money
• The corruption or deletion of data
• The altering of data to produce inconvenience or false criminal evidence
• Theft of the identities of specific individuals in the enterprise
Insider Threat
Elements leading up to a Malicious Insider attack:
www.cert.org
Insider Threat
For the Malicious Insider Threat, we need to be able to:
• Detect malicious insider activity
• Attribute activity to users
• Provide NETOPS tools to track down anomalies
• Allow Security Operations to foresee events through continuous monitoring
• Execute an effective incident response capability
• Determine new ways to combat cyber threats
Insider Threat
Who is an Accidental Insider Threat?
• IT Personnel
• Contractors/Consultants
• All employees
• Security Personnel – exhibit bad habits
• Executive Management
• Clients/Customers
RISKY USERS - In this year’s survey, privileged IT users, such as
administrators with access to sensitive information, pose the biggest
insider threat (60 percent). This is followed by contractors and
consultants (57 percent), and regular employees (51 percent).
Source: 2017 Insider Threat Study, Haystax Technology
Insider Threat
Who is an Accidental Insider Threat?
• All employees – exhibit bad habits
➢ Passwords left on screens, under keyboards
➢ Tailgating into restricted areas, loss of accountability
➢ Using their computers to surf the web or communicate personal e-mail
➢ Bring personal computing devices to work (laptops, PDAs, Smart Phones & Tablets)
➢ Failing to follow OPSEC
➢ Social Engineering – Phone calls from imposters, Phishing Emails, etc.
• IT Personnel – create vulnerabilities by:
➢ Having group accounts
➢ Lacking separation of duties
➢ Creating scripts or back doors for convenience
➢ Not changing default passwords
• Security Personnel – exhibit bad habits
➢ Deviate from security practices they are required to enforce
• Executive Management
Insider Threat
To Reduce the Risk for the Accidental Insider Threat, we need to be able to:
• Provide sound policies that articulate specific behavior
expectations in Acceptable Use Policies
• Educate and Train all personnel on exhibiting good habits
• Set the example: Management and Security personnel alike
• Provide constant awareness
• Institute a mechanism to report suspicious behavior
• Audit or assess your program!
Insider Threat - Policies
Reduce the Risk for the Accidental Insider Threat:
Provide sound policies that articulate specific behavior expectations
• Good policies have the following elements
✓ Introduction – State the purpose of the policy (Acceptable Use)
✓ Scope – Who does the policy apply to? (Everyone, IT personnel, GSU)
✓ Details – Here is where you state the specific elements of the policy.
✓ Accountability Statement – This is where you articulate who will be responsible for
implementing the policy (Managers/Supervisors) and the ramifications for not adhering to
the policy: “Deviations from this policy will be handled promptly and may include disciplinary
action up to and including termination.”
✓ Policy Owner – The final section articulates the policy owner, date and version of the policy.
• Policies should be coordinated with all stakeholders
➢ Human Resources
➢ Legal Department
➢ Security Personnel
➢ Management
• Policies should be specific and enforceable
• Policies should be updated periodically
• Employees should acknowledge policies with a signature and date
Insider Threat - Training
Reduce the Risk for the Accidental Insider Threat:
Educate and Train all personnel on exhibiting good habits & behavior
• Computer based – Internal/External (DSS/DISA, Cybrary, SocialEngineer.org)
• Develop in-house programs
• External training & conferences
• Provide periodically (monthly, biannually, annually)
• Focus training to the target audience
➢ All personnel
➢ IT Personnel
➢ Security Personnel
• Assess the training material for currency and effectiveness!
➢ Update periodically
➢ Provide Examples (real world events or case studies)
Insider Threat - Awareness
Reduce the Risk for the Accidental Insider Threat:
Provide constant awareness
• Reward incentives
• Periodic e-mails
• Posters – common areas
➢ Break rooms
➢ Rest rooms
➢ Specific work areas
➢ Hallways
Insider Threat - Audit
Reduce the Risk for the Accidental Insider Threat:
Audit or assess your program!
• Periodic (at least annually)
• Have an external audit (DSS/another facility’s FSO,
commercial vendor, SBDC Cyber Consultant)
• Correct deficiencies & if necessary realign resources
• If you don’t have one, establish a budget and justify requirements
Insider Threat
For the Accidental Insider Threat, we need to be able to:
• Detect malicious insider activity
• Attribute activity to users
• Provide NETOPS tools to track down anomalies
• Allow Security Operations to foresee events through continuous monitoring
• Execute an effective incident response capability
• Determine new ways to combat cyber threats
For IT Managers & IT Security Professionals
• Least Privilege & Need to Know
• Segregation of Duties
• Appropriate Access Controls – RBAC and/or ABAC are preferred
• Defense in Depth
✓ Technical Controls
✓ Preventive Controls
✓ Detective Controls
✓ Corrective Controls
✓ Deterrent Controls
• Risk-Control Adequacy
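
An added example, not part of the presentation: one way to check an account inventory for the IT-personnel weaknesses named on the earlier slide (group accounts, missing separation of duties, unchanged default passwords) and the least-privilege and segregation-of-duties controls listed above. The inventory, account names, role names and conflict pairs are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumption: role pairs that one person should never hold together.
SOD_CONFLICTS = [
    ("payments_create", "payments_approve"),
    ("change_author", "change_approver"),
    ("sysadmin", "audit_log_admin"),
]


@dataclass
class Account:
    name: str
    owners: list                    # people able to log in with this account
    roles: set                      # roles granted to the account
    default_password: bool = False  # True if the vendor/default password is still set
    roles_used: set = field(default_factory=set)  # roles exercised in the review period


def audit(accounts, conflicts=SOD_CONFLICTS):
    """Return findings as (subject, code, detail) tuples."""
    findings = []
    held = defaultdict(dict)  # person -> {role: account that grants it}

    for acct in accounts:
        # Group accounts break attribution: activity cannot be tied to one user.
        if len(acct.owners) > 1:
            findings.append((acct.name, "GROUP_ACCOUNT",
                             f"{len(acct.owners)} people share this login"))
        elif not acct.owners:
            findings.append((acct.name, "UNOWNED_ACCOUNT", "no accountable owner"))

        if acct.default_password:
            findings.append((acct.name, "DEFAULT_PASSWORD", "default password never changed"))

        # Least privilege: granted roles that were never exercised.
        unused = sorted(acct.roles - acct.roles_used)
        if unused:
            findings.append((acct.name, "UNUSED_PRIVILEGE", ", ".join(unused)))

        for person in acct.owners:
            for role in acct.roles:
                held[person].setdefault(role, acct.name)

    # Segregation of duties is checked per person, across every account they can
    # use, so a conflict hidden behind a shared login is still found.
    for person in sorted(held):
        for a, b in conflicts:
            if a in held[person] and b in held[person]:
                findings.append((person, "SOD_CONFLICT",
                                 f"{a} via {held[person][a]} + {b} via {held[person][b]}"))
    return findings


# Constructed sample inventory (not real data).
SAMPLE_ACCOUNTS = [
    Account("jdoe", ["jdoe"], {"payments_create"}, roles_used={"payments_create"}),
    Account("finance-shared", ["jdoe", "asmith"], {"payments_approve"},
            roles_used={"payments_approve"}),
    Account("svc-backup", ["bkim"], {"sysadmin", "audit_log_admin"},
            default_password=True, roles_used={"sysadmin"}),
    Account("asmith", ["asmith"], {"change_author"}, roles_used={"change_author"}),
]

if __name__ == "__main__":
    for subject, code, detail in audit(SAMPLE_ACCOUNTS):
        print(f"{code:17} {subject:15} {detail}")
```

In the sample, jdoe can create payments through a personal account and approve them through the shared finance login; a per-account check would miss that conflict.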
Additional Resources
NATIONAL INSIDER THREAT TASK FORCE RELEASES INSIDER
THREAT PROGRAM MATURITY FRAMEWORK
Additional Resources
The Accidental Insider Threat: Is Your Organization Ready?
• This panel of industry experts explored the threats posed by “accidental
insiders”: individuals who are not maliciously trying to cause harm, but
can unknowingly present a major risk to an organization and its
infrastructure.
• Aired on Federal News Radio October 2, 2012 at 12:00 PM ET
Raynor Dahlquist, Booz Allen Hamilton, Panel Moderator
Tom Kellermann, Trend Micro
Angela McKay, Microsoft
Michael C. Theis, CERT Insider Threat Center
http://www.federalnewsradio.com/262/3054242/The-Accidental-Insider-Threat-Is-Your-Organization-Ready
Additional Resources
Advanced Persistent Threat (APT) and Insider Threat
http://cyber-defense.sans.org/blog/2012/10/23/advanced-persistent-threat-apt-and-insider-threat
Insiders and Insider Threats - An Overview of Definitions and Mitigation Techniques
http://isyou.info/jowua/papers/jowua-v2n1-1.pdf
The Accidental Insider Threat – A White Paper
Dr. Shawn P. Murray, Jones International University, 2014
Insider Attacks – 2017, an Insider Threat Study
https://haystax.com/blog/whitepapers/insider-attacks-industry-survey/
Social Engineer.Org website
https://www.social-engineer.org/
FBI
https://www.fbi.gov/
NATIONAL INSIDER THREAT TASK FORCE RELEASES INSIDER THREAT PROGRAM MATURITY FRAMEWORK
https://www.dni.gov/index.php/newsroom/press-releases/item/1920-national-insider-threat-task-force-releases-insider-threat-program-maturity-framework
Questions?

More Related Content

What's hot

Mitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security AttacksMitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security Attacks
Tripwire
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Resilient Systems
 
Corporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter   All Courses   LinkedinCorporate Security Intelligence Just Got Smarter   All Courses   Linkedin
Corporate Security Intelligence Just Got Smarter All Courses Linkedin
Steve Phelps
 

What's hot (20)

Risk Management Methodology - Copy
Risk Management Methodology - CopyRisk Management Methodology - Copy
Risk Management Methodology - Copy
 
Mitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security AttacksMitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security Attacks
 
Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3Cyber Security Awareness Month 2017-Nugget 3
Cyber Security Awareness Month 2017-Nugget 3
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the risk
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2Cyber Security Awareness Month 2017- Nugget2
Cyber Security Awareness Month 2017- Nugget2
 
Cyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesCyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responses
 
Countering Advanced Persistent Threats
Countering Advanced Persistent ThreatsCountering Advanced Persistent Threats
Countering Advanced Persistent Threats
 
Corporate Security Intelligence Just Got Smarter All Courses Linkedin
Corporate Security Intelligence Just Got Smarter   All Courses   LinkedinCorporate Security Intelligence Just Got Smarter   All Courses   Linkedin
Corporate Security Intelligence Just Got Smarter All Courses Linkedin
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
 
Remote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC ComplainceRemote Deposit Capture Risk Management & FFIEC Complaince
Remote Deposit Capture Risk Management & FFIEC Complaince
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
 
Business information security requirements
Business information security requirementsBusiness information security requirements
Business information security requirements
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offering
 
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
 
Internal Threats: The New Sources of Attack
Internal Threats: The New Sources of AttackInternal Threats: The New Sources of Attack
Internal Threats: The New Sources of Attack
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 

Similar to Accidental Insider Threat - 2018 Version

Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
madunix
 
Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0
Satyanandan Atyam
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docx
SUBHI7
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Risk
phanleson
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of security
ciso_insights
 

Similar to Accidental Insider Threat - 2018 Version (20)

The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample Material
 
Cyber Security and the CEO
Cyber Security and the CEOCyber Security and the CEO
Cyber Security and the CEO
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf
 
Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0Cyber Threat Landscape- Security Posture - ver 1.0
Cyber Threat Landscape- Security Posture - ver 1.0
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docx
 
Strategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksStrategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity Risks
 
Stu r37 a
Stu r37 aStu r37 a
Stu r37 a
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Risk
 
Selling security to the C-level
Selling security to the C-levelSelling security to the C-level
Selling security to the C-level
 
Enterprise security management II
Enterprise security management   IIEnterprise security management   II
Enterprise security management II
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
 
Protecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdfProtecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdf
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of security
 
Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdf
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
 

More from Murray Security Services

More from Murray Security Services (14)

Cybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationCybersecurity Maturity Model Certification
Cybersecurity Maturity Model Certification
 
Manufacturing Hacks
Manufacturing HacksManufacturing Hacks
Manufacturing Hacks
 
Spectre & Meltdown
Spectre & MeltdownSpectre & Meltdown
Spectre & Meltdown
 
Global Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Global Shortage on Cyber Security Workforce - An Analysis of a Complex IssueGlobal Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Global Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
 
Cybersecurity for Small Business
Cybersecurity for Small BusinessCybersecurity for Small Business
Cybersecurity for Small Business
 
Barcode Metadata & Privacy - What is the risk really?
Barcode Metadata & Privacy - What is the risk really?Barcode Metadata & Privacy - What is the risk really?
Barcode Metadata & Privacy - What is the risk really?
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
Information & Cyber Security Risk
Information & Cyber Security RiskInformation & Cyber Security Risk
Information & Cyber Security Risk
 
Countering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaCountering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from China
 
How to Write Good Policies
How to Write Good PoliciesHow to Write Good Policies
How to Write Good Policies
 
IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust Designation
 
ToR - Deep Web
ToR -  Deep Web ToR -  Deep Web
ToR - Deep Web
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber Crime
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
 

Recently uploaded

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Recently uploaded (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 

Accidental Insider Threat - 2018 Version

  • 1. DR. SHAWN P. MURRAY, C|CISO, CISSP, CRISC, FITSP-A The Accidental Insider Threat: Is Your Organization Prepared? President & Chief Academic Officer, Murray Security Services Presented for the Pikes Peak Small Business Development Center December 14, 2018
  • 2. Insider Threat – EO-13587 The October 2011 Presidential Executive Order 13587, titled “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information”, mandates that every agency and federal government systems integrator to implement an insider threat detection and prevention program by the end of 2013. This was further reinforced by a presidential memorandum in November 2012 directing federal agencies to deploy monitoring systems that meet prescribed standards. “One way to increase the chance of catching a malicious employee is to examine relevant information regarding suspicious or anomalous behavior of those whose jobs cause them to access classified information,” aWhite House spokeswoman commented. Given this new government-wide mandate, it is paramount that government agencies take insider threats seriously. Source: http://www.cataphora.com/markets/government/
  • 3. Insider Threat Who is the Malicious Insider Threat?  Disgruntled employees ➢ Passed over for raise or promotion ➢ Poor work or home environment  Former disgruntled employees ➢ Fired from the company, holds animosity to company or personnel  Behavior addictions ➢ Drugs ➢ Gambling  Collusion – two or more employees acting together  Social engineers ➢ Use tactics to gain access to resources they don’t have access to or need. Can steal other users credentials…
  • 4. Insider Threat Objectives of the Malicious Insider Threat:  Target individuals that they perceived did them wrong  Introduction of viruses, worms, trojans or other malware  Theft of information or corporate secrets  Theft of money  The corruption or deletion of data  The altering of data to produce inconvenience or false criminal evidence  Theft of the identities of specific individuals in the enterprise
  • 5. Insider Threat Elements leading up to a Malicious Insider attack: www.cert.org
  • 6. Insider Threat For the Malicious Insider Threat, we need to be able to:  Detect malicious insider activity  Attribute activity to users  Provide NETOPS tools to track down anomalies  Allow Security Operations to foresee events through continuous monitoring  Execute an effective incident response capability  Determine new ways to combat cyber threats
  • 7. Insider Threat Who is an Accidental Insider Threat?
  • 8. Insider Threat Who is an Accidental Insider Threat?  IT Personnel  Contractors/Consultants  All employees  Security Personnel – exhibit bad habits  Executive Management  Clients/Customers RISKY USERS - In this year’s survey, privileged IT users, such as administrators with access to sensitive information, pose the biggest insider threat (60 percent). This is followed by contractors and consultants (57 percent), and regular employees (51 percent). 2017 Insider Threat Study HaystaxTechnology
  • 9. Insider Threat Who is an Accidental Insider Threat?  All employees – exhibit bad habits ➢ Passwords left on screens, under keyboards ➢ Tailgating into restricted areas, loss of accountability ➢ Using their computers to surf the web or communicate personal e-mail ➢ Bring personal computing devices to work (laptops, PDAs, Smart Phones &Tablets) ➢ Failing to follow OPSEC ➢ Social Engineering – Phone call from imposters, Phishing Emails etc..  IT Personnel - Create vulnerabilities by: ➢ Having group accounts ➢ Separation of duties ➢ Create scripts or back doors for conveniences ➢ Don’t change default passwords  Security Personnel – exhibit bad habits ➢ Deviate from security practices they are required to enforce  Executive Management
  • 10. Insider Threat To Reduce the Risk for the Accidental Insider Threat, we need to be able to:  Provide sound policies that articulate specific behavior expectations in Acceptable use Policies  Educate andTrain all personnel on exhibiting good habits  Set the example: Management and Security personnel alike  Provide constant awareness  Institute a mechanism to report suspicious behavior  Audit or assess your program!
  • 11. Insider Threat - Policies Reduce the Risk for the Accidental Insider Threat: Provide sound policies that articulate specific behavior expectations  Good policies have the following elements ✓ Introduction – State the purpose of the policy (Acceptable Use) ✓ Scope – Who does the policy apply to? (Everyone, IT personnel,GSU) ✓ Details – here is where you state the specific elements of the policy. ✓ Accountability Statement –This is where you articulate who will be responsible for implementing the policy (Managers/Supervisors) and the ramifications for not adhering to the policy “ Deviations from this policy will be handled promptly and may include disciplinary action up to and including termination”. ✓ Policy Owner –The final section articulates the policy owner, date and version of the policy.  Policies should be coordinated with all stakeholders ➢ Human Resources ➢ Legal Department ➢ Security Personnel ➢ Management  Policies should be specific and enforceable  Policies should be updated periodically  Employees should acknowledge policies with a signature and date
  • 12. Insider Threat - Training
    Reduce the Risk for the Accidental Insider Threat: Educate and train all personnel on exhibiting good habits & behavior
     Computer based – Internal/External (DSS/DISA, Cybrary, SocialEngineer.org)
     Develop in-house programs
     External training & conferences
     Provide periodically (monthly, biannually, annually)
     Focus training to the target audience
      ➢ All personnel
      ➢ IT Personnel
      ➢ Security Personnel
     Assess the training material for currency and effectiveness!
      ➢ Update periodically
      ➢ Provide examples (real world events or case studies)
  • 13. Insider Threat - Awareness
    Reduce the Risk for the Accidental Insider Threat: Provide constant awareness
     Reward incentives
     Periodic e-mails
     Posters – common areas
      ➢ Break rooms
      ➢ Rest rooms
      ➢ Specific work areas
      ➢ Hallways
  • 14. Insider Threat - Audit
    Reduce the Risk for the Accidental Insider Threat: Audit or assess your program!
     Periodic (at least annually)
     Have an external audit (DSS/another facility’s FSO, commercial vendor, SBDC Cyber Consultant)
     Correct deficiencies & if necessary realign resources
     If you don’t have one, establish a budget and justify requirements
  • 15. Insider Threat
    For the Accidental Insider Threat, we need to be able to:
     Detect malicious insider activity
     Attribute activity to users
     Provide NETOPS tools to track down anomalies
     Allow Security Operations to foresee events through continuous monitoring
     Execute an effective incident response capability
     Determine new ways to combat cyber threats
  • 16. For IT Managers & IT Security Professionals
    • Least Privilege & Need to Know
    • Segregation of Duties
    • Appropriate Access Controls – RBAC and/or ABAC are preferred
    • Defense in Depth
      ✓ Technical Controls
      ✓ Preventive Controls
      ✓ Detective Controls
      ✓ Corrective Controls
      ✓ Deterrent Controls
    • Risk-Control Adequacy
  • 17. Additional Resources NATIONAL INSIDER THREAT TASK FORCE RELEASES INSIDER THREAT PROGRAM MATURITY FRAMEWORK
  • 18. Additional Resources
    The Accidental Insider Threat: Is Your Organization Ready?
     This panel of industry experts explored the threats posed by “accidental insiders”: individuals who are not maliciously trying to cause harm, but can unknowingly present a major risk to an organization and its infrastructure.
     Was aired on Federal News Radio October 2, 2012 at 12:00 PM ET
      Raynor Dahlquist, Booz Allen Hamilton, Panel Moderator
      Tom Kellermann, Trend Micro
      Angela McKay, Microsoft
      Michael C. Theis, CERT Insider Threat Center
    http://www.federalnewsradio.com/262/3054242/The-Accidental-Insider-Threat-Is-Your-Organization-Ready
  • 19. Additional Resources
    Advanced Persistent Threat (APT) and Insider Threat
    http://cyber-defense.sans.org/blog/2012/10/23/advanced-persistent-threat-apt-and-insider-threat
    Insiders and Insider Threats - An Overview of Definitions and Mitigation Techniques
    http://isyou.info/jowua/papers/jowua-v2n1-1.pdf
    The Accidental Insider Threat – A White Paper
    Dr. Shawn P. Murray, Jones International University, 2014
    Insider Attacks – 2017, an Insider Threat Study
    https://haystax.com/blog/whitepapers/insider-attacks-industry-survey/
    Social Engineer.Org website
    https://www.social-engineer.org/
    FBI
    https://www.fbi.gov/
    NATIONAL INSIDER THREAT TASK FORCE RELEASES INSIDER THREAT PROGRAM MATURITY FRAMEWORK
    https://www.dni.gov/index.php/newsroom/press-releases/item/1920-national-insider-threat-task-force-releases-insider-threat-program-maturity-framework
  • 21. Links to Images & Resources