SlideShare a Scribd company logo

Malicious Insiders

G
gjohansen

Malicious Insiders examines the role that insider play in sabotage, industrial espionage and fraud. We also examine how taking proactive steps reduces these risks.

1 of 38
Malicious Insiders
SSC ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SSC Financial Institutions Law Firms Insurance Industry Law Enforcement Government Corporate Educational Real Estate Companies Industries We Serve
SSC Security Risk Consulting Investigations Uniformed Security
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Insiders ,[object Object]
Definitions ,[object Object],[object Object],[object Object],[object Object],[object Object]
Definitions: What insiders can do ,[object Object],[object Object],[object Object],[object Object],[object Object]
Carrie E. Pifer ,[object Object],[object Object],[object Object],[object Object],[object Object]
Terry Childs Case Study ,[object Object],[object Object],[object Object],[object Object]
Dongfan “Greg” Chung ,[object Object],[object Object],[object Object],[object Object],[object Object]
Insiders: What we see What We See What we do not see
Insiders: Motivation ,[object Object],[object Object]
Insiders: Motivations ,[object Object],[object Object],[object Object],[object Object],[object Object]
Insiders: Motivations External Pressures Internal Psychology Malicious Act
External Pressures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Internal Psychology ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Costs of Insider Threats ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mitigating the Insider Threat ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Hiring Practices: Pre-employment Screening (PES) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Having a program, deters applicants with something to hide Benefits
PES: Who should be checked? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],EVERYONE! Anyone hired, transferred or promoted
PES: Vendors and Contractors ,[object Object],[object Object],[object Object],[object Object]
PES: Risk for the employer when taking on screening yourself ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
PES: Background Searches Available ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
PES: Background Searches Available ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
PES: Build an Applicant’s Profile ,[object Object],[object Object],[object Object]
PES: Choosing the Right Searches ,[object Object],[object Object],[object Object],[object Object],[object Object]
PES: Instant Records ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],B E W A R E !
PES: Selecting a Screening Partner ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],What you need to look for:
Policies and Procedures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Separation of Duties ,[object Object],[object Object],[object Object]
Legal, Management, Security and HR Coordination ,[object Object],[object Object],[object Object],[object Object],[object Object]
Pre-Incident Indicators ,[object Object],[object Object],[object Object],[object Object],[object Object]
Internal Complaint Procedures ,[object Object],[object Object],[object Object],[object Object],[object Object]
Termination Procedures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Wrap Up ,[object Object],[object Object],[object Object],[object Object],[object Object]
Questions
Contact Us ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recommended

Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
INVESTIGATING UNIX SYSTEMS.pptx
INVESTIGATING UNIX SYSTEMS.pptxINVESTIGATING UNIX SYSTEMS.pptx
INVESTIGATING UNIX SYSTEMS.pptxAmAngel1
 
Introduction to Cyber Crime
Introduction to Cyber CrimeIntroduction to Cyber Crime
Introduction to Cyber CrimeDr Raghu Khimani
 
03 Data Recovery - Notes
03 Data Recovery - Notes03 Data Recovery - Notes
03 Data Recovery - NotesKranthi
 
Forensics Analysis and Validation
Forensics Analysis and Validation Forensics Analysis and Validation
Forensics Analysis and Validation Jyothishmathi Institute of Technology and Science Karimnagar
 
Incident response process
Incident response processIncident response process
Incident response processBhupeshkumar Nanhe
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 

Recommended

Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
INVESTIGATING UNIX SYSTEMS.pptx
INVESTIGATING UNIX SYSTEMS.pptxINVESTIGATING UNIX SYSTEMS.pptx
INVESTIGATING UNIX SYSTEMS.pptxAmAngel1
 
Introduction to Cyber Crime
Introduction to Cyber CrimeIntroduction to Cyber Crime
Introduction to Cyber CrimeDr Raghu Khimani
 
03 Data Recovery - Notes
03 Data Recovery - Notes03 Data Recovery - Notes
03 Data Recovery - NotesKranthi
 
Forensics Analysis and Validation
Forensics Analysis and Validation Forensics Analysis and Validation
Forensics Analysis and Validation Jyothishmathi Institute of Technology and Science Karimnagar
 
Incident response process
Incident response processIncident response process
Incident response processBhupeshkumar Nanhe
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissancen|u - The Open Security Community
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics pptNikhil Mashruwala
 
Malicious
MaliciousMalicious
MaliciousKhyati Rajput
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
Software process and project metrics
Software process and project metricsSoftware process and project metrics
Software process and project metricsIndu Sharma Bhardwaj
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Psychology Human Computer Interaction
Psychology Human Computer InteractionPsychology Human Computer Interaction
Psychology Human Computer InteractionSeta Wicaksana
 
Fault Tolerance (Distributed computing)
Fault Tolerance (Distributed computing)Fault Tolerance (Distributed computing)
Fault Tolerance (Distributed computing)Sri Prasanna
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsyash sawarkar
 
Data recovery power point
Data recovery power pointData recovery power point
Data recovery power pointtutannandi
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Frame Work of Employee Relation Law , Lahore Garrison University
Frame Work of Employee Relation Law , Lahore Garrison UniversityFrame Work of Employee Relation Law , Lahore Garrison University
Frame Work of Employee Relation Law , Lahore Garrison Universitytouseefaq3
 
06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 
Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentationIISPEastMids
 
Insider threat
Insider threatInsider threat
Insider threatARCON TECHSOLUTIONS
 

More Related Content

What's hot

Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
Software process and project metrics
Software process and project metricsSoftware process and project metrics
Software process and project metricsIndu Sharma Bhardwaj
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Psychology Human Computer Interaction
Psychology Human Computer InteractionPsychology Human Computer Interaction
Psychology Human Computer InteractionSeta Wicaksana
 
Fault Tolerance (Distributed computing)
Fault Tolerance (Distributed computing)Fault Tolerance (Distributed computing)
Fault Tolerance (Distributed computing)Sri Prasanna
 
Data recovery power point
Data recovery power pointData recovery power point
Data recovery power pointtutannandi
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Frame Work of Employee Relation Law , Lahore Garrison University
Frame Work of Employee Relation Law , Lahore Garrison UniversityFrame Work of Employee Relation Law , Lahore Garrison University
Frame Work of Employee Relation Law , Lahore Garrison Universitytouseefaq3
 
06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 

What's hot (20)

Reconnaissance
ReconnaissanceReconnaissance
Reconnaissance
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Malicious
MaliciousMalicious
Malicious
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisition
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes
 
Software process and project metrics
Software process and project metricsSoftware process and project metrics
Software process and project metrics
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes
 
Psychology Human Computer Interaction
Psychology Human Computer InteractionPsychology Human Computer Interaction
Psychology Human Computer Interaction
 
Fault Tolerance (Distributed computing)
Fault Tolerance (Distributed computing)Fault Tolerance (Distributed computing)
Fault Tolerance (Distributed computing)
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Data recovery power point
Data recovery power pointData recovery power point
Data recovery power point
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes
 
Frame Work of Employee Relation Law , Lahore Garrison University
Frame Work of Employee Relation Law , Lahore Garrison UniversityFrame Work of Employee Relation Law , Lahore Garrison University
Frame Work of Employee Relation Law , Lahore Garrison University
 
06. security concept
06. security concept06. security concept
06. security concept
 

Viewers also liked

Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentationIISPEastMids
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziKashif Semple
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
 
Insider threats and countermeasures
Insider threats and countermeasuresInsider threats and countermeasures
Insider threats and countermeasuresKAMRAN KHALID
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 
Snowden slides
Snowden slidesSnowden slides
Snowden slidesDavid West
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoMatt Frowert
 

Viewers also liked (11)

Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentation
 
Insider threat
Insider threatInsider threat
Insider threat
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint Prezi
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection Recommendations
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
 
Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chain
 
Multimedia Privacy
Multimedia PrivacyMultimedia Privacy
Multimedia Privacy
 
Insider threats and countermeasures
Insider threats and countermeasuresInsider threats and countermeasures
Insider threats and countermeasures
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider Threat
 
Snowden slides
Snowden slidesSnowden slides
Snowden slides
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_Tyco
 

Similar to Malicious Insiders

Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgeManaging Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgePerficient, Inc.
 
Rothke Patchlink
Rothke PatchlinkRothke Patchlink
Rothke PatchlinkBen Rothke
 
Data Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being UnpreparedData Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being Unpreparedhaynormania
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes ObserveIT
 
Investigative Team
Investigative TeamInvestigative Team
Investigative TeamCTIN
 
Final Presentation Negligent hiring due to lack of background checks hrm 400
Final Presentation Negligent hiring due to lack of background checks hrm 400Final Presentation Negligent hiring due to lack of background checks hrm 400
Final Presentation Negligent hiring due to lack of background checks hrm 400Neha Choudhary, M.A
 
Employee verification major steps
Employee verification major stepsEmployee verification major steps
Employee verification major stepsShailesh Mishra
 
Background Verification companies in India
Background Verification companies in IndiaBackground Verification companies in India
Background Verification companies in IndiaAbhijeetkrishna4
 
Sophisticated Solutions to Complex Workplace Issues
Sophisticated Solutions to Complex Workplace IssuesSophisticated Solutions to Complex Workplace Issues
Sophisticated Solutions to Complex Workplace IssuesBusiness Controls, Inc.
 
Internal InvestigationsChapter 11
Internal InvestigationsChapter 11Internal InvestigationsChapter 11
Internal InvestigationsChapter 11TatianaMajor22
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
 
How to Manage a Data Breach Involving Multiple Covered Entity Clients
How to Manage a Data Breach Involving Multiple Covered Entity ClientsHow to Manage a Data Breach Involving Multiple Covered Entity Clients
How to Manage a Data Breach Involving Multiple Covered Entity ClientsID Experts
 
Investigating Fast Products For Legal Past History Screening
Investigating Fast Products For Legal Past History ScreeningInvestigating Fast Products For Legal Past History Screening
Investigating Fast Products For Legal Past History Screeninggoofyaccountant16
 

Similar to Malicious Insiders (20)

BEA Presentation
BEA PresentationBEA Presentation
BEA Presentation
 
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgeManaging Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
 
Fraud And Internal Controls Linked In April 2011
Fraud And Internal Controls Linked In April 2011Fraud And Internal Controls Linked In April 2011
Fraud And Internal Controls Linked In April 2011
 
Rothke Patchlink
Rothke PatchlinkRothke Patchlink
Rothke Patchlink
 
Data Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being UnpreparedData Breaches: The Cost of Being Unprepared
Data Breaches: The Cost of Being Unprepared
 
Tackling Corporate Fraud
Tackling Corporate FraudTackling Corporate Fraud
Tackling Corporate Fraud
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes
 
Investigative Team
Investigative TeamInvestigative Team
Investigative Team
 
Final Presentation Negligent hiring due to lack of background checks hrm 400
Final Presentation Negligent hiring due to lack of background checks hrm 400Final Presentation Negligent hiring due to lack of background checks hrm 400
Final Presentation Negligent hiring due to lack of background checks hrm 400
 
Employee verification major steps
Employee verification major stepsEmployee verification major steps
Employee verification major steps
 
Background Verification companies in India
Background Verification companies in IndiaBackground Verification companies in India
Background Verification companies in India
 
Adrs2
Adrs2Adrs2
Adrs2
 
Sophisticated Solutions to Complex Workplace Issues
Sophisticated Solutions to Complex Workplace IssuesSophisticated Solutions to Complex Workplace Issues
Sophisticated Solutions to Complex Workplace Issues
 
Internal InvestigationsChapter 11
Internal InvestigationsChapter 11Internal InvestigationsChapter 11
Internal InvestigationsChapter 11
 
Kenya AMC Presentation 2
Kenya AMC Presentation 2Kenya AMC Presentation 2
Kenya AMC Presentation 2
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?
 
Case study on forensic audit
Case study on forensic auditCase study on forensic audit
Case study on forensic audit
 
How to Manage a Data Breach Involving Multiple Covered Entity Clients
How to Manage a Data Breach Involving Multiple Covered Entity ClientsHow to Manage a Data Breach Involving Multiple Covered Entity Clients
How to Manage a Data Breach Involving Multiple Covered Entity Clients
 
Investigating Fast Products For Legal Past History Screening
Investigating Fast Products For Legal Past History ScreeningInvestigating Fast Products For Legal Past History Screening
Investigating Fast Products For Legal Past History Screening
 
Investigation and forensic audit in a computerized work environment
Investigation and forensic audit in a computerized work environmentInvestigation and forensic audit in a computerized work environment
Investigation and forensic audit in a computerized work environment
 

Malicious Insiders