Pay Attention! What are Your Employees Doing?

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Pay Attention! What are Your Employees Doing?"

Transcription

1 Pay Attention! What are Your Employees Doing? Dawn M. Cappelli Carnegie Mellon University

2 Report Documentation Page Form Approved OMB No Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE JAN REPORT TYPE 3. DATES COVERED to TITLE AND SUBTITLE Pay Attention! What are Your Employees Doing? 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Carnegie Mellon University,Software Engineering Institute (SEI),Pittsburgh,PA, PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR S ACRONYM(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES 14. ABSTRACT 11. SPONSOR/MONITOR S REPORT NUMBER(S) 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT a. REPORT unclassified b. ABSTRACT unclassified c. THIS PAGE unclassified Same as Report (SAR) 18. NUMBER OF PAGES 50 19a. NAME OF RESPONSIBLE PERSON Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18

3 Financial Institution Discovers $691 Million in Losses... Covered up for 5 Years by Trusted Employee

4 Manufacturer Loses $10 Million- Lays Off 80 Employees... Sabotage by Employee of Eleven Years Nearly Puts Company Out of Business

5 COULD THIS HAPPEN TO YOU? 4

6 Introduction 5

7 What is CERT? Center of Internet security expertise Established in 1988 by the US Department of Defense in 1988 on the heels of the Morris worm that created havoc on the ARPANET, the precursor to what is the Internet today Located in the Software Engineering Institute (SEI) Federally Funded Research & Development Center (FFRDC) Operated by Carnegie Mellon University (Pittsburgh, Pennsylvania) 6

8 Overview of Talk Background Introduction Evolution of CERT s insider threat research Insider IT Sabotage Key Observations Case examples Statistics MERIT Models of Insider IT Sabotage Common Sense Guide Best Practices Future Work 7

9 Background 8

10 2006 e-crime Watch Survey CSO Magazine, USSS & CERT 434 respondents Percentage of Incidents With no Source Identified Percentage of insiders versus outsiders insiders outsiders 9

11 Percentage of Participants Who Experienced an Insider Incident ( )

12 Types of Insider Crimes Fraud: obtaining property or services from the organization unjustly through deception or trickery. Theft of Information: stealing confidential or proprietary information from the organization. IT Sabotage: acting with intention to harm a specific individual, the organization, or the organization s data, systems, and/or daily business operations. 11

13 Examples of Insider Crimes Fraud examples: Sale of confidential information (SSN, credit card numbers, etc ) Modification of critical data for pay (driver s license records, criminal records, welfare status, etc ) Stealing of money (financial institutions, government organizations, etc ) Theft of Information examples: Theft of customer information Theft of source code Theft of organization s data Sabotage examples: Deletion of information Bringing down systems Web site defacement to embarrass organization 12

14 Evolution of CERT Insider Threat Research Insider threat case studies U.S. Department Of Defense Personnel Security Research Center (PERSEREC) CERT/U.S. Secret Service Insider Threat Study Best practices Carnegie Mellon CyLab Common Sense Guide to Prevention and Detection of Insider Threats System dynamics modeling Carnegie Mellon CyLab Management and Education on the Risk of Insider Threat (MERIT) PERSEREC 13

15 CERT/USSS Insider Threat Study Definition of insider: Current or former employees or contractors who o o intentionally exceeded or misused an authorized level of access to networks, systems or data in a manner that targeted a specific individual or affected the security of the organization s data, systems and/or daily business operations 14

16 Insider Threat Study Funded by US Secret Service (partially by Department of Homeland Security) Examined technical & psychological aspects Analyzed actual cases to develop information for prevention & early detection Methodology: Collected cases (150) Codebooks Interviews Reports Training 15

17 Insider Threat Study Case Breakdown IT Sabotage: 54 Fraud: 44 Theft of IP: cases total 16

18 Next: The Big Picture Important aspects of the insider threat problem: Interaction of policies, practices, and technology over time Interaction between psychological & technical aspects of the problem Need for innovative training materials CyLab funding: MERIT: Management and Education of the Risk of Insider Threat Initial Proof of Concept: insider IT sabotage 17

19 Definition of Insider IT Sabotage Cases across critical infrastructure sectors in which the insider s primary goal was to sabotage some aspect of an organization or direct specific harm toward an individual(s). 18

20 Insider IT Sabotage Key Observations 19

21 Who Were the Saboteurs? Age: Gender: mostly males Variety of racial & ethnic backgrounds Marital status: fairly evenly split married versus single Almost 1/3 had previous arrests 20

22 Observation #1: Most insiders had personal predispositions that contributed to their risk of committing malicious acts. 21

23 Case Example Observation #1 A database administrator wipes out critical data after her supervisor and coworkers undermine her authority. 22

24 Personal Predispositions 60% 40% Exhibited Unknown 23

25 Observation #2: Most insiders disgruntlement is due to unmet expectations. 24

26 Case Example Observation #2 A network engineer retaliates after his hope of recognition and technical control are dashed. 25

27 Unmet Expectations No Unmet Expectations 100% Unmet Expectations ** Data was only available for 25 cases 26

28 Observation #3: In most cases, stressors, including sanctions and precipitating events, contributed to the likelihood of insider IT sabotage. 27

29 Case Example Observation #3 A disgruntled system administrator strikes back after his life begins to fall apart personally and professionally. 28

30 Stressors /Sanctions/Precipitating Events Unknown 3% Stressors/Sanctions/ Precipitating Events 97% 29

31 Observation #4: Behavioral precursors were often observable in insider IT sabotage cases but ignored by the organization. 30

32 Case Example Observation #4 A weird tech guy is able to attack following termination because no one recognizes the danger signs. 31

33 Behavioral Precursors 20% No concerning behavior 80% Concerning behavior 32

34 Observation #5: Insiders created or used access paths unknown to management to set up their attack and conceal their identity or actions. The majority attacked after termination. 33

35 Case Example Observation #5 The weird tech guy realizes the end is near so he sneakily sets up his attack. 34

36 Created or used unknown access paths No unknown access paths 25% 75% Unknown access paths 35

37 Observation #6: In many cases, organizations failed to detect technical precursors. 36

38 Case Example Observation #6 A logic bomb sits undetected for 6 months before finally wreaking havoc on a telecommunications firm. 37

39 Technical precursors undetected No Undetected technical precursors 13% 87% Undetected technical precursors 38

40 Observation #7: Lack of physical and electronic access controls facilitated IT sabotage. 39

41 Case Example Observation #7 Emergency services are forced to rely on manual address lookups for 911 calls when an insider sabotages the system. 40

42 Lack of Access Controls Adequate Access Controls 7% 93% Inadequate Access Controls 41

43 MERIT Model(s) Insider IT Sabotage 42

44 System Dynamics Approach A method and supporting toolset To holistically model, document, and analyze Complex problems as they evolve over time And develop effective mitigation strategies That balance competing concerns System Dynamics supports simulation to Validate characterization of problem Test out alternate mitigation strategies 43

45 MERIT Model Extreme Overview actual risk of insider attack technical precursor disgruntlement behavioral precursor sanctions discovery of precursors technical monitoring ability to conceal activity unknown access paths behavioral monitoring perceived risk of insider attack insider's unmet expectation org's trust of insider insider's expectation expectation fulfillment personal predisposition precipitating event

46 MERIT Model Details insider's unmet expectation O S S O O changing disgruntlement R2 disgruntlement sanctioning escalation S Insider disgruntlement B3 acting inappropriately offline employee intervention S disgruntlement control through employee intervention Behavioral precursors time to realize insider responsible S sanctioning B2 insider attack gratification S Sanctions S Severity of actions perceived by org S attack threshold Attack damage executing attack technical monitoring quality <acting inappropriately offline> S Attack damage potential R3 attack concealment increasing damage potential R4 attack escalation S Insider access paths acquiring unknown to unknown paths org S S insider desire to conceal actions S Technical precursors acting inappropriately online S S predisposition for technical sabotage forgetting paths discovering paths S Insider access paths known to org disabling known paths S B1 expectation re-alignment S falling expectation R1 Expectation by insider expectation fulfillment S expectation escalation O S rising expectation precipitating event technical freedom given insider <insider access path creation ability> <Insider access paths known to org> <paths insider needs to do job> B5 attack control by limiting ability to create access paths S Insider risk perceived by org insider access path creation ability O auditing S audit quality B4 attack control by disabling paths termination termination time threshold Insider employment status 45

47 Best Practices 46

48 CyLab Common Sense Guide - Best Practices Institute periodic enterprise-wide risk assessments. Institute periodic security awareness training for all employees. Enforce separation of duties and least privilege. Implement strict password and account management policies and practices. Log, monitor, and audit employee online actions. Use extra caution with system administrators and privileged users. Actively defend against malicious code. Use layered defense against remote attacks. Monitor and respond to suspicious or disruptive behavior. Deactivate computer access following termination. Collect and save data for use in investigations. Implement secure backup and recovery processes. Clearly document insider threat controls. 47

49 New Starts & Future Work New Starts Requirements for insider threat detection tools CyLab MERIT-IA (MERIT InterActive) o Analysis of current cases Future Work Self-directed risk assessment Best practice collaboration Investigative guidelines Extension/analysis of MERIT model Insider threat workshops 48

50 Questions / Comments 49

51 Points of Contact Insider Threat Team Lead: Dawn M. Cappelli Senior Member of the Technical Staff CERT Programs Software Engineering Institute Carnegie Mellon University 4500 Fifth Avenue Pittsburgh, PA Phone Business Development: Joseph McLeod Business Manager Software Engineering Institute Carnegie Mellon University 4500 Fifth Avenue Pittsburgh, PA Phone FAX Mobile System Dynamics Modeling Lead: Andrew P. Moore Senior Member of the Technical Staff CERT Programs Software Engineering Institute Carnegie Mellon University 4500 Fifth Avenue Pittsburgh, PA Phone 50

Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks

Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks Dawn M. Cappelli Andrew P. Moore CERT Program Software Engineering Institute Carnegie Mellon University 04/09/08 Session Code:DEF-203

More information

The Key to Successful Monitoring for Detection of Insider Attacks

The Key to Successful Monitoring for Detection of Insider Attacks The Key to Successful Monitoring for Detection of Insider Attacks Dawn M. Cappelli Randall F. Trzeciak Robert Floodeen Software Engineering Institute CERT Program Session ID: GRC-302 Session Classification:

More information

Common Sense Guide to Prevention and Detection of Insider Threats

Common Sense Guide to Prevention and Detection of Insider Threats Common Sense Guide to Prevention and Detection of Insider Threats 2 nd Edition July 2006 Version 2.1 Carnegie Mellon University CyLab Authors Dawn Cappelli Andrew Moore Timothy J. Shimeall Randall Trzeciak

More information

Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage. CERT Insider Threat Center

Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage. CERT Insider Threat Center Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage CERT Insider Threat Center April 2011 NOTICE: THIS TECHNICAL DATA IS PROVIDED PURSUANT TO GOVERNMENT CONTRACT

More information

Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks

Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks Risk Mitigation trategies: Lessons Learned from Actual Insider Attacks Randy Trzeciak eptember 24, 2012 http://www.cert.org/insider_threat/ 2012 Carnegie Mellon University Notices 2012 Carnegie Mellon

More information

The CERT Top 10 List for Winning the Battle Against Insider Threats

The CERT Top 10 List for Winning the Battle Against Insider Threats The CERT Top 10 List for Winning the Battle Against Insider Threats Dawn Cappelli CERT Insider Threat Center Software Engineering Institute Carnegie Mellon University Session ID: STAR-203 Session Classification:

More information

DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY. DoD DMSMS Certificate Program: Establishing a Qualified DMSMS Workforce

DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY. DoD DMSMS Certificate Program: Establishing a Qualified DMSMS Workforce DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY DoD DMSMS Certificate Program: Establishing a Qualified DMSMS Workforce Mr. Mitchell Canty 2011 DMSMS and Standardization Conference WARFIGHTER

More information

Overview Presented by: Boyd L. Summers

Overview Presented by: Boyd L. Summers Overview Presented by: Boyd L. Summers Systems & Software Technology Conference SSTC May 19 th, 2011 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection

More information

Report Documentation Page

Report Documentation Page (c)2002 American Institute Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the

More information

Tutorial: Cloud Computing Security

Tutorial: Cloud Computing Security Tutorial: Cloud Computing Security William R. Claycomb, PhD. Lead Research Scientist CERT Enterprise Threat and Vulnerability Management Team 2007-2012 Carnegie Mellon University Agenda Background: Cloud

More information

DEFENSE CONTRACT AUDIT AGENCY

DEFENSE CONTRACT AUDIT AGENCY DEFENSE CONTRACT AUDIT AGENCY Fundamental Building Blocks for an Acceptable Accounting System Presented by Sue Reynaga DCAA Branch Manager San Diego Branch Office August 24, 2011 Report Documentation Page

More information

Using the Advancement Degree of Difficulty (AD 2 ) as an input to Risk Management

Using the Advancement Degree of Difficulty (AD 2 ) as an input to Risk Management Using the Advancement Degree of Difficulty (AD 2 ) as an input to Risk Management James W. Bilbro JB Consulting International Huntsville, AL Multi-dimensional Assessment of Technology Maturity Technology

More information

Asset Management- Acquisitions

Asset Management- Acquisitions Indefinite Delivery, Indefinite Quantity (IDIQ) contracts used for these services: al, Activity & Master Plans; Land Use Analysis; Anti- Terrorism, Circulation & Space Management Studies; Encroachment

More information

Spotlight On: Insider Threat from Trusted Business Partners

Spotlight On: Insider Threat from Trusted Business Partners Spotlight On: Insider Threat from Trusted Business Partners February 2010 Robert M. Weiland Andrew P. Moore Dawn M. Cappelli Randall F. Trzeciak Derrick Spooner This work was funded by Copyright 2010 Carnegie

More information

Issue Paper. Wargaming Homeland Security and Army Reserve Component Issues. By Professor Michael Pasquarett

Issue Paper. Wargaming Homeland Security and Army Reserve Component Issues. By Professor Michael Pasquarett Issue Paper Center for Strategic Leadership, U.S. Army War College May 2003 Volume 04-03 Wargaming Homeland Security and Army Reserve Component Issues By Professor Michael Pasquarett Background The President

More information

Assurance Cases. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Charles B. Weinstock January 26, 2015

Assurance Cases. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Charles B. Weinstock January 26, 2015 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Charles B. Weinstock January 26, 2015 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for

More information

Security Threats in the 21st Century

Security Threats in the 21st Century Security Threats in the 21st Century Professor Colin S. Gray University of Reading, UK November 2006 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection

More information

U.S. Forces in Iraq. JoAnne O Bryant and Michael Waterhouse Information Research Specialists Knowledge Services Group

U.S. Forces in Iraq. JoAnne O Bryant and Michael Waterhouse Information Research Specialists Knowledge Services Group Order Code RS22449 Updated September 2, 27 U.S. Forces in Iraq JoAnne O Bryant and Michael Waterhouse Information Research Specialists Knowledge Services Group Summary Varying media estimates of military

More information

Common Sense Guide to Prevention and Detection of Insider Threats

Common Sense Guide to Prevention and Detection of Insider Threats Common Sense Guide to Prevention and Detection of Insider Threats Dawn Cappelli, Andrew Moore, Timothy Shimeall, US CERT Produced by US CERT, a government organization Table of Contents INTRODUCTION 3

More information

DCAA and the Small Business Innovative Research (SBIR) Program

DCAA and the Small Business Innovative Research (SBIR) Program Defense Contract Audit Agency (DCAA) DCAA and the Small Business Innovative Research (SBIR) Program Judice Smith and Chang Ford DCAA/Financial Liaison Advisors NAVAIR 2010 Small Business Aviation Technology

More information

U.S. Forces in Iraq. JoAnne O Bryant and Michael Waterhouse Information Research Specialists Knowledge Services Group

U.S. Forces in Iraq. JoAnne O Bryant and Michael Waterhouse Information Research Specialists Knowledge Services Group Order Code RS22449 Updated July 2, 27 U.S. Forces in Iraq JoAnne O Bryant and Michael Waterhouse Information Research Specialists Knowledge Services Group Summary Varying media estimates of military forces

More information

CERT Virtual Flow Collection and Analysis

CERT Virtual Flow Collection and Analysis CERT Virtual Flow Collection and Analysis For Training and Simulation George Warnagiris 2011 Carnegie Mellon University Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden

More information

U.S. Forces in Iraq. JoAnne O Bryant and Michael Waterhouse Information Research Specialists Knowledge Services Group

U.S. Forces in Iraq. JoAnne O Bryant and Michael Waterhouse Information Research Specialists Knowledge Services Group Order Code RS22449 Updated April 13, 27 U.S. Forces in Iraq JoAnne O Bryant and Michael Waterhouse Information Research Specialists Knowledge Services Group Summary Varying media estimates of military

More information

Common Sense Guide to Prevention and Detection of Insider Threats 3rd Edition Version 3.1

Common Sense Guide to Prevention and Detection of Insider Threats 3rd Edition Version 3.1 Common Sense Guide to Prevention and Detection of Insider Threats 3rd Edition Version 3.1 Dawn Cappelli Andrew Moore Randall Trzeciak Timothy J. Shimeall January 2009 This work was funded by Copyright

More information

Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector

Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector Marisa Reddy Randazzo Michelle Keeney Eileen Kowalski National Threat Assessment Center United States Secret Service Dawn

More information

Insider Threat Study:

Insider Threat Study: Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors Michelle Keeney, J.D., Ph.D. Eileen Kowalski National Threat Assessment Center United States Secret Service Washington,

More information

Headquarters U.S. Air Force

Headquarters U.S. Air Force Headquarters U.S. Air Force I n t e g r i t y - S e r v i c e - E x c e l l e n c e Air Force Technology Readiness Assessment (TRA) Process for Major Defense Acquisition Programs LtCol Ed Masterson Mr

More information

CAPTURE-THE-FLAG: LEARNING COMPUTER SECURITY UNDER FIRE

CAPTURE-THE-FLAG: LEARNING COMPUTER SECURITY UNDER FIRE CAPTURE-THE-FLAG: LEARNING COMPUTER SECURITY UNDER FIRE LCDR Chris Eagle, and John L. Clark Naval Postgraduate School Abstract: Key words: In this paper, we describe the Capture-the-Flag (CTF) activity

More information

Analyzing the Costs of Alternative Army Active/Reserve Force Mixes

Analyzing the Costs of Alternative Army Active/Reserve Force Mixes INSTITUTE FOR DEFENSE ANALYSES Analyzing the Costs of Alternative Army Active/Reserve Force Mixes Stanley A. Horowitz Robert J. Atwell Shaun K. McGee June 2014 Approved for public release; distribution

More information

RT 24 - Architecture, Modeling & Simulation, and Software Design

RT 24 - Architecture, Modeling & Simulation, and Software Design RT 24 - Architecture, Modeling & Simulation, and Software Design Dennis Barnabe, Department of Defense Michael zur Muehlen & Anne Carrigy, Stevens Institute of Technology Drew Hamilton, Auburn University

More information

Rooting an Android Device

Rooting an Android Device ARL-TN-0706 SEP 2015 US Army Research Laboratory Rooting an Android Device by Ken F Yu Approved for public release; distribution unlimited. NOTICES Disclaimers The findings in this report are not to be

More information

EAD Expected Annual Flood Damage Computation

EAD Expected Annual Flood Damage Computation US Army Corps of Engineers Hydrologic Engineering Center Generalized Computer Program EAD Expected Annual Flood Damage Computation User's Manual March 1989 Original: June 1977 Revised: August 1979, February

More information

Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination

Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination Michael Hanley Joji Montelibano October 2011 TECHNICAL NOTE CMU/SEI-2011-TN-024 CERT Program http://www.sei.cmu.edu

More information

Recession Calls for Better Change Management Separation of duties, logging paramount in times of great, rapid change

Recession Calls for Better Change Management Separation of duties, logging paramount in times of great, rapid change Recession Calls for Better Change Management Separation of duties, logging paramount in times of great, rapid change Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI Final Draft for March 2009 CSI Alert I

More information

GLONASS STATUS UPDATE

GLONASS STATUS UPDATE GLONASS STATUS UPDATE Y. Urlichich, G. Stupak, V. Dvorkin, and S. Karutin Federal Space Agency 53 Aviamotornay str. Moscow, 111250, Russia Tel: + 7 495 673 97 29, Fax: +7 495 673 28 15, E-mail: sergey.karutin@rniikp.ru

More information

Guide to Using DoD PKI Certificates in Outlook 2000

Guide to Using DoD PKI Certificates in Outlook 2000 Report Number: C4-017R-01 Guide to Using DoD PKI Certificates in Outlook 2000 Security Evaluation Group Author: Margaret Salter Updated: April 6, 2001 Version 1.0 National Security Agency 9800 Savage Rd.

More information

C2ing the C2: Improving the Staff of the Corps Support Signal Battalion

C2ing the C2: Improving the Staff of the Corps Support Signal Battalion C2ing the C2: Improving the Staff of the Corps Support Signal Battalion Subject Area Electronic Warfare (EW) EWS 2006 C2ing the C2: Improving the Staff of the Corps Support Signal Battalion Submitted by

More information

ELECTRONIC HEALTH RECORDS. Fiscal Year 2013 Expenditure Plan Lacks Key Information Needed to Inform Future Funding Decisions

ELECTRONIC HEALTH RECORDS. Fiscal Year 2013 Expenditure Plan Lacks Key Information Needed to Inform Future Funding Decisions United States Government Accountability Office Report to Congressional July 2014 ELECTRONIC HEALTH RECORDS Fiscal Year 2013 Expenditure Plan Lacks Key Information Needed to Inform Future Funding Decisions

More information

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The

More information

CONTACTIN 4 AS A POSSIBLE AUTISM SUSCEPTIBILITY LOCUS

CONTACTIN 4 AS A POSSIBLE AUTISM SUSCEPTIBILITY LOCUS 2010 2011 Military Health System Conference CONTACTIN 4 AS A POSSIBLE AUTISM SUSCEPTIBILITY LOCUS The Quadruple Aim: Working Together, Achieving Success Sharing Knowledge: Achieving Breakthrough Performance

More information

Information Technology Cyber Security Policy

Information Technology Cyber Security Policy Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please

More information

2010 2011 Military Health System Conference

2010 2011 Military Health System Conference 2010 2011 Military Health System Conference Population Health Management The Missing Element of PCMH Sharing The Quadruple Knowledge: Aim: Working Achieving Together, Breakthrough Achieving Performance

More information

NDCEE. Demonstration of Biodiesel in Non-deployed Ground Tactical Vehicles/Equipment. Dave Chavez, NAVFAC/ESC

NDCEE. Demonstration of Biodiesel in Non-deployed Ground Tactical Vehicles/Equipment. Dave Chavez, NAVFAC/ESC NDCEE Demonstration of Biodiesel in Non-deployed Ground Tactical Vehicles/Equipment DoD Executive Agent Office Office of the of the Assistant Assistant Secretary of the of Army the Army (Installations

More information

SMS: Getting Ready. Safety Management Systems

SMS: Getting Ready. Safety Management Systems SMS: Getting Ready Safety Management Systems REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 The public reporting burden for this collection of information is estimated to average 1 hour per

More information

Night Vision Goggle Plate Machine vs. Cast Study

Night Vision Goggle Plate Machine vs. Cast Study Night Vision Goggle Plate Machine vs. Cast Study Project Number #NP06012111 Final Report 22 December 2006 Letterkenny Army Depot Chambersburg, PA Submitted by National Center for Defense Manufacturing

More information

John Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011

John Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011 John Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the

More information

Software Security Engineering: A Guide for Project Managers

Software Security Engineering: A Guide for Project Managers Software Security Engineering: A Guide for Project Managers Gary McGraw Julia H. Allen Nancy Mead Robert J. Ellison Sean Barnum May 2013 ABSTRACT: Software is ubiquitous. Many of the products, services,

More information

An Application of an Iterative Approach to DoD Software Migration Planning

An Application of an Iterative Approach to DoD Software Migration Planning An Application of an Iterative Approach to DoD Software Migration Planning John Bergey Liam O Brien Dennis Smith September 2002 Product Line Practice Initiative Unlimited distribution subject to the copyright.

More information

The Environmental Impacts of Airport Deicing - Water Quality. William Swietlik US EPA Office of Water / Office of Science and Technology

The Environmental Impacts of Airport Deicing - Water Quality. William Swietlik US EPA Office of Water / Office of Science and Technology The Environmental Impacts of Airport Deicing - Water Quality William Swietlik US EPA Office of Water / Office of Science and Technology Report Documentation Page Form Approved OMB No. 0704-0188 Public

More information

AUSTRALIAN INNOVATIONS

AUSTRALIAN INNOVATIONS AUSTRALIAN INNOVATIONS Recent Developments in Australian EVM Practices Jim Muir & Kirsty McLean October 1998 REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 Public reporting burder for this collection

More information

Cancellation of Nongroup Health Insurance Policies

Cancellation of Nongroup Health Insurance Policies Cancellation of Nongroup Health Insurance Policies Bernadette Fernandez Specialist in Health Care Financing Annie L. Mach Analyst in Health Care Financing November 19, 2013 Congressional Research Service

More information

AFRL-RZ-WP-TM-2007-2138

AFRL-RZ-WP-TM-2007-2138 AFRL-RZ-WP-TM-2007-2138 ADVANCED PROPULSION CONCEPTS AND COMPONENT TECHNOLOGIES Jeffrey S. Stutrud Combustion Branch Turbine Engine Division JULY 2007 Approved for public release; distribution unlimited.

More information

Mr. Steve Mayer, PMP, P.E. McClellan Remediation Program Manger Air Force Real Property Agency. May 11, 2011

Mr. Steve Mayer, PMP, P.E. McClellan Remediation Program Manger Air Force Real Property Agency. May 11, 2011 Mr. Steve Mayer, PMP, P.E. McClellan Remediation Program Manger Air Force Real Property Agency May 11, 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection

More information

Pima Community College Planning Grant For Autonomous Intelligent Network of Systems (AINS) Science, Mathematics & Engineering Education Center

Pima Community College Planning Grant For Autonomous Intelligent Network of Systems (AINS) Science, Mathematics & Engineering Education Center Pima Community College Planning Grant For Autonomous Intelligent Network of Systems (AINS) Science, Mathematics & Engineering Education Center Technical Report - Final Award Number N00014-03-1-0844 Mod.

More information

Automation in Software Testing for Military Information Systems

Automation in Software Testing for Military Information Systems 148 Automation in Software Testing for Military Information Systems Jack Chandler SSC San Diego INTRODUCTION This paper shows how automation can improve test results. At the beginning of this effort, a

More information

2012 CyberSecurity Watch Survey

2012 CyberSecurity Watch Survey 2012 CyberSecurity Watch Survey Unknown How 24 % Bad is the Insider Threat? 51% 2007-2013 Carnegie Mellon University 2012 Carnegie Mellon University NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY

More information

Cyber Security Training and Awareness Through Game Play

Cyber Security Training and Awareness Through Game Play Cyber Security Training and Awareness Through Game Play Benjamin D. Cone, Michael F. Thompson, Cynthia E. Irvine, and Thuy D. Nguyen Naval Postgraduate School, Monterey, CA 93943, USA {bdcone,mfthomps,irvine,tdnguyen}@nps.edu

More information

Document Title: System Administrator Policy

Document Title: System Administrator Policy Document Title: System REVISION HISTORY Effective Date:15-Nov-2015 Page 1 of 5 Revision No. Revision Date Author Description of Changes 01 15-Oct-2015 Terry Butcher Populate into Standard Template Updated

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

PRIS at TREC2012 KBA Track

PRIS at TREC2012 KBA Track PRIS at TREC2012 KBA Track Yan Li, Zhaozhao Wang, Baojin Yu, Yong Zhang, Ruiyang Luo, Weiran Xu, Guang Chen, Jun Guo School of Information and Communication Engineering, Beijing University of Posts and

More information

FIRST IMPRESSION EXPERIMENT REPORT (FIER)

FIRST IMPRESSION EXPERIMENT REPORT (FIER) THE MNE7 OBJECTIVE 3.4 CYBER SITUATIONAL AWARENESS LOE FIRST IMPRESSION EXPERIMENT REPORT (FIER) 1. Introduction The Finnish Defence Forces Concept Development & Experimentation Centre (FDF CD&E Centre)

More information

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation 73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation 21-23 June 2005, at US Military Academy, West Point, NY 712CD For office use only 41205 Please complete this form 712CD as your cover

More information

Results Oriented Change Management

Results Oriented Change Management Results Oriented Change Management Validating Change Policy through Auditing Abstract Change management can be one of the largest and most difficult tasks for a business to implement, monitor and control

More information

Leveraging Privileged Identity Governance to Improve Security Posture

Leveraging Privileged Identity Governance to Improve Security Posture Leveraging Privileged Identity Governance to Improve Security Posture Understanding the Privileged Insider Threat It s no secret that attacks on IT systems and information breaches have increased in both

More information

Achieving Agility at Scale Improving Software Economics

Achieving Agility at Scale Improving Software Economics IBM Software Group Achieving Agility at Scale Improving Software Economics Walker Royce Vice President, Chief Software Economist 2009 IBM Corporation Report Documentation Page Form Approved OMB No. 0704-0188

More information

ADVANCED NETWORK SECURITY PROJECT

ADVANCED NETWORK SECURITY PROJECT AFRL-IF-RS-TR-2005-395 Final Technical Report December 2005 ADVANCED NETWORK SECURITY PROJECT Indiana University APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. AIR FORCE RESEARCH LABORATORY INFORMATION

More information

Bryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest

Bryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest Bryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest Look back on 2010 Agenda Incident types Inside Job? Source of Risk Role of Encryption Some Conclusions 2010 A Year In Review

More information

A GPS Digital Phased Array Antenna and Receiver

A GPS Digital Phased Array Antenna and Receiver A GPS Digital Phased Array Antenna and Receiver Dr. Alison Brown, Randy Silva; NAVSYS Corporation ABSTRACT NAVSYS High Gain Advanced GPS Receiver (HAGR) uses a digital beam-steering antenna array to enable

More information

Advanced Micro Ring Resonator Filter Technology

Advanced Micro Ring Resonator Filter Technology Advanced Micro Ring Resonator Filter Technology G. Lenz and C. K. Madsen Lucent Technologies, Bell Labs Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection

More information

Mobile Robot Knowledge Base

Mobile Robot Knowledge Base Mobile Robot Knowledge Base Tracy Heath Pastore* a, Mitchell Barnes** a, Rory Hallman b b SPAWAR Systems Center, San Diego, Code 2371, 53560 Hull Street, San Diego, CA 92152; b Computer Sciences Corporation,

More information

REPORT DOCUMENTATION PAGE

REPORT DOCUMENTATION PAGE REPORT DOCUMENTATION PAGE ROIForm Approved OMB No. 0704-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions,

More information

Ten Tales of Betrayal: The Threat to Corporate Infrastructures by Information Technology Insiders Analysis and Observations

Ten Tales of Betrayal: The Threat to Corporate Infrastructures by Information Technology Insiders Analysis and Observations Technical Report 05-13 September 2005 Ten Tales of Betrayal: The Threat to Corporate Infrastructures by Information Technology Insiders Analysis and Observations Eric D. Shaw Consulting & Clinical Psychology,

More information

In June 1998 the Joint Military Intelligence. Intelligence Education for Joint Warfighting A. DENIS CLIFT

In June 1998 the Joint Military Intelligence. Intelligence Education for Joint Warfighting A. DENIS CLIFT Defense Intelligence Analysis Center, home of JMIC. Intelligence Education for Joint Warfighting Courtesy Joint Military Intelligence College By A. DENIS CLIFT In June 1998 the Joint Military Intelligence

More information

COMPUTER SECURITY INCIDENT RESPONSE POLICY

COMPUTER SECURITY INCIDENT RESPONSE POLICY COMPUTER SECURITY INCIDENT RESPONSE POLICY 1 Overview The Federal Information Security Management Act (FISMA) of 2002 requires Federal agencies to establish computer security incident response capabilities.

More information

Monitoring of Arctic Conditions from a Virtual Constellation of Synthetic Aperture Radar Satellites

Monitoring of Arctic Conditions from a Virtual Constellation of Synthetic Aperture Radar Satellites DISTRIBUTION STATEMENT A. Approved for public release; distribution is unlimited. Monitoring of Arctic Conditions from a Virtual Constellation of Synthetic Aperture Radar Satellites Hans C. Graber RSMAS

More information

Modeling Tunnel Magazine QD Arcs Using GIS

Modeling Tunnel Magazine QD Arcs Using GIS Modeling Tunnel Magazine QD Arcs Using GIS Ed Falconer, GISP Tyler Ross, PhD, PE NAVFAC ESC, 1100 23rd Ave, Port Hueneme, CA 93043-4370 Abstract The Naval Facilities Command (NAVFAC) Engineering Service

More information

By Major Matthew R. Little

By Major Matthew R. Little By Major Matthew R. Little The battalion executive officer gave Captain Smith a selection of field manuals (FMs) and described in detail the importance of a mission-essential task list (METL). Captain

More information

Report Documentation Page

Report Documentation Page Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions,

More information

Change Management: Automating the Audit Process

Change Management: Automating the Audit Process Change Management: Automating the Audit Process Auditing Change Management for Regulatory Compliance Abstract Change management can be one of the largest and most difficult tasks for a business to implement,

More information

SpectorSoft 2014 Insider Threat Survey

SpectorSoft 2014 Insider Threat Survey SpectorSoft 2014 Insider Threat Survey An overview of the insider threat landscape and key strategies for mitigating the threat challenge Executive Summary SpectorSoft recently surveyed 355 IT professionals,

More information

ASNE. Mr. Chris Deegan Executive Director PEO IWS. 10 February DISTRIBUTION STATEMENT A: Approved for Public Release: Distribution is Unlimited.

ASNE. Mr. Chris Deegan Executive Director PEO IWS. 10 February DISTRIBUTION STATEMENT A: Approved for Public Release: Distribution is Unlimited. ASNE Mr. Chris Deegan Executive Director PEO IWS 10 February 2012 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average

More information

ScotlandIS Trust in Software. Information Security in Financial Services. 26 February 2007

ScotlandIS Trust in Software. Information Security in Financial Services. 26 February 2007 ScotlandIS Trust in Software Information Security in Financial Services 26 February 2007 Information Security Information security is evolving We learn from managing our issues, trends and best practice

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

Explorations of Science in Cyber Security

Explorations of Science in Cyber Security Explorations of cience in Cyber ecurity Dr. Greg hannon@cert.org Chief cientist October, 2012 +1 (412) 268-8545 www.sei.cmu.edu/about/people/shannon.cfm 2011 Carnegie Mellon University My cience of Cyber

More information

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,

More information

Network Working Group. S. Crocker Trusted Information Systems, Inc. B. Fraser. Software Engineering Institute. November 1991

Network Working Group. S. Crocker Trusted Information Systems, Inc. B. Fraser. Software Engineering Institute. November 1991 Network Working Group Request for Comments: 1281 R. Pethia Software Engineering Institute S. Crocker Trusted Information Systems, Inc. B. Fraser Software Engineering Institute November 1991 Status of this

More information

Autonomous Vehicles Panel 2011 Pacific Operations Science & Technology Conference

Autonomous Vehicles Panel 2011 Pacific Operations Science & Technology Conference Autonomous Vehicles Panel 2011 Pacific Operations Science & Technology Conference Dr. Grace Bochenek Director, U.S. Army RDECOM-TARDEC UNCLASSIFIED: Dist A. Approved for public release Report Documentation

More information

NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO-6011-09 TABLE OF CONTENTS

NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO-6011-09 TABLE OF CONTENTS OFFICE OF THE CHIEF INFORMATION OFFICER NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO-6011-09 Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: TABLE OF CONTENTS Section

More information

Architectural Tactics to Support Rapid and Agile Stability

Architectural Tactics to Support Rapid and Agile Stability RD AND AGILE STABILITY Architectural Tactics to Support Rapid and Agile Stability Felix Bachmann, SEI Robert L. Nord, SEI Ipek Ozkaya, SEI Abstract. The essence of stability in software development is

More information

Information Security Policy

Information Security Policy Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems

More information

Incident Reporting Guidelines for Constituents (Public)

Incident Reporting Guidelines for Constituents (Public) Incident Reporting Guidelines for Constituents (Public) Version 3.0-2016.01.19 (Final) Procedure (PRO 301) Department: GOVCERT.LU Classification: PUBLIC Contents 1 Introduction 3 1.1 Overview.................................................

More information

Environmental Scenario Generator (ESG) IPR 5-17-00

Environmental Scenario Generator (ESG) IPR 5-17-00 http://www.aesmry.com/esg/ Environmental Scenario Generator (ESG) IPR 5-17-00 Richard Siquig Naval Research Laboratory siquig@nrlmry.navy.mil REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 Public

More information

A B S T R A C T. Index Terms : Framework, threats, skill, social engineering, risks, insider. I. INTRODUCTION

A B S T R A C T. Index Terms : Framework, threats, skill, social engineering, risks, insider. I. INTRODUCTION A Framework to Mitigate the Social Engineering Threat to Information Security Rakesh Kumar*, Dr Hardeep Singh. Khalsa college for women, Amritsar, Guru Nanak Dev University, Amritsar rakeshmaster1980@rediffmail.com*,

More information

TELEFÓNICA UK LTD. Introduction to Security Policy

TELEFÓNICA UK LTD. Introduction to Security Policy TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,

More information

Structuring the Chief Information Security Officer Organization

Structuring the Chief Information Security Officer Organization Structuring the Chief Information Security Officer Organization December 1, 2015 Julia Allen Nader Mehravari Cyber Risk and Resilience Management Team CERT Division Software Engineering Institute Carnegie

More information

Office of Inspector General

Office of Inspector General Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit

More information

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific

More information