COMBATING THE DECAY WITHIN
Proactive insider threat identification and treatment

WHO: Conspiracy, Collusions and Collateral Damage
WHAT: Acknowledge and Act
WHY: Overcoming denial
HOW: The thin line between privacy and protection
FAMOUSLY INFAMOUS

Michael Mitchell [1], Shalin Jhaveri [1], Kevin Downing [2]
- “An employee that was a well known danger, shot and killed a security guard—the guard was a father of three”
- “Disgruntled and fired for poor performance, sold employer’s trade secrets to competitor”
- “Gave trade secrets to a person he believed was an investor willing to finance a business in India”

Roger Duronio [3], Brandon Coughlin [4], Matthew Keys [5]
- Found guilty of computer sabotage and securities fraud for writing, planting, and disseminating malicious code that took down 2,000 servers.
- Exceeded privileges to delete computer settings and patient information, as well as to make fraudulent technology purchases.
- Used his access as a former employee to help a hacker deface their website.
CERT SEI/CMU [6]

Insiders can be current or former employees, contractors, sub-contractors, or other trusted business partners.

The CERT Insider Threat Center identifies five basic types of insider threat activities:
- Sabotage
- Intellectual Property Theft
- Fraud
- Unintentional Insider Threat
- National Security Espionage
SOURCE WITHOUT PERMISSION FOR EDUCATIONAL PURPOSES ONLY: https://dtexsystems.com/wp-content/uploads/2016/09/Dtex-2016-Cost-of-Insider-Threats-Infographic-01.png
MEASURING YOUR MATURITY
SOURCE: Unknown
- People: Schedule a meeting with Human Resources, Legal, Internal Audit and Information Security to discuss formation of an insider threat program.
- Process: Develop specific use cases for your organization and document processes to support use case discovery.
- Training: Send employees responsible for program execution to external training. Similarly, develop internal training for all employees to “see something, say something.”
- Technology: Consolidate and correlate your logs and data. Computer usage, physical access and human resource performance data are equally relevant for detection.
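The Technology step above, as an added example that is not part of the original slides: a small correlator that merges computer usage, physical access and HR performance records per user and queues a user for review only when indicators come from at least two of the three sources. All records, field names, thresholds and business hours are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records; every field name and value is an assumption.
COMPUTER_USAGE = [
    {"user": "asmith", "ts": "2024-03-02T23:14:00", "event": "bulk_file_copy", "files": 1200},
    {"user": "bjones", "ts": "2024-03-04T10:05:00", "event": "bulk_file_copy", "files": 900},
    {"user": "cdoe", "ts": "2024-03-04T14:30:00", "event": "file_open", "files": 3},
]
PHYSICAL_ACCESS = [
    {"user": "asmith", "ts": "2024-03-02T22:50:00", "door": "server-room", "result": "denied"},
    {"user": "bjones", "ts": "2024-03-04T08:55:00", "door": "lobby", "result": "granted"},
]
HR_PERFORMANCE = [
    {"user": "asmith", "status": "performance_improvement_plan"},
    {"user": "bjones", "status": "meets_expectations"},
]
BULK_FILES = 500  # hypothetical threshold for a bulk copy
HR_CONCERN = {"performance_improvement_plan", "notice_given"}  # assumed labels

def after_hours(ts):
    """True outside 07:00-19:00 or on a weekend (assumed business hours)."""
    t = datetime.fromisoformat(ts)
    return t.weekday() >= 5 or not 7 <= t.hour < 19

def correlate(usage, access, hr):
    """Merge the three sources into {user: {source: [indicators]}}."""
    found = defaultdict(lambda: defaultdict(list))
    for e in usage:
        if e["files"] >= BULK_FILES:
            found[e["user"]]["computer"].append("bulk copy of %d files" % e["files"])
        if after_hours(e["ts"]):
            found[e["user"]]["computer"].append("activity after hours at " + e["ts"])
    for e in access:
        if e["result"] == "denied":
            found[e["user"]]["physical"].append("badge denied at " + e["door"])
    for e in hr:
        if e["status"] in HR_CONCERN:
            found[e["user"]]["hr"].append("HR status: " + e["status"])
    return found

def review_queue(found, min_sources=2):
    """Users with indicators from at least min_sources distinct sources."""
    return sorted(u for u, src in found.items() if len(src) >= min_sources)

if __name__ == "__main__":
    hits = correlate(COMPUTER_USAGE, PHYSICAL_ACCESS, HR_PERFORMANCE)
    for user in review_queue(hits):
        print(user, dict(hits[user]))
```

A single-source hit (the daytime bulk copy by `bjones`) stays out of the queue, while `asmith` is queued because all three sources agree.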
PRE-CRIME A VIEW FROM THE TOP
REFERENCES
1. https://www.fbi.gov/file-repository/insider_threat_brochure.pdf
2. http://www.nationalinsiderthreatsig.org/pdfs/Insider%20Threats%20Incidents-Could%20They%20Happen%20To%20Your%20Organization.pdf
3. https://www.informationweek.com/ex-ubs-systems-admin-sentenced-to-97-months-in-jail/d/d-id/1049873?
4. https://www.healthcareinfosecurity.com/former-systems-administrator-gets-prison-time-a-10299
5. https://www.huffingtonpost.com/2013/03/19/matthew-keys-rogue-employee-hackers_n_2903021.html
6. CERT (SEI/CMU) Insider Threat Overview
7. A Worst Practices Guide to Insider Threats: Lessons from Past Mistakes, American Academy of Arts and Sciences
8. Best Practices in Insider Threats in All Nations, Carnegie Mellon University Software Engineering Institute
9. DTEX Systems Information Graphic (Copied without permission for educational purposes only)
Todd W. Colvin

A business savvy converged security executive with a demonstrated ability to dissect critical operating processes for the purpose of identifying weaknesses and providing commercially reasonable recommendations to reduce financial, regulatory or legal impacts to any organization. Expert knowledge in the domains of Risk Identification and Mitigation, Security Governance, Revenue Generation and Protection, Regulatory and Marketplace Alignment. A global Chief Information Security Officer capable of leading businesses, governments and communities through a perpetual world of change.

EDUCATION
- Master of Science Information Security and Assurance (MSISA), Concentration in Incident Response and Digital Forensics, Norwich University (Northfield, VT), June 2017
- Upsilon Pi Epsilon Honor Society
- Singularly recognized as Outstanding Student for MSISA Program

CERTIFICATIONS
- Certified Protection Professional (CPP)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Manager (CISM)
- GIAC Security and Network Auditor (GSNA)-GOLD
- CERT SEI/CMU Insider Threat Program Management (InTP) Certificate
- NACD/CERT Cybersecurity Oversight