Pay Attention! What are Your Employees Doing?
|
|
- Amberly Carson
- 7 years ago
- Views:
Transcription
1 Pay Attention! What are Your Employees Doing? Dawn M. Cappelli Carnegie Mellon University
2 Report Documentation Page Form Approved OMB No Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE JAN REPORT TYPE 3. DATES COVERED to TITLE AND SUBTITLE Pay Attention! What are Your Employees Doing? 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Carnegie Mellon University,Software Engineering Institute (SEI),Pittsburgh,PA, PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR S ACRONYM(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES 14. ABSTRACT 11. SPONSOR/MONITOR S REPORT NUMBER(S) 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT a. REPORT unclassified b. ABSTRACT unclassified c. THIS PAGE unclassified Same as Report (SAR) 18. NUMBER OF PAGES 50 19a. NAME OF RESPONSIBLE PERSON Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18
3 Financial Institution Discovers $691 Million in Losses... Covered up for 5 Years by Trusted Employee
4 Manufacturer Loses $10 Million- Lays Off 80 Employees... Sabotage by Employee of Eleven Years Nearly Puts Company Out of Business
5 COULD THIS HAPPEN TO YOU? 4
6 Introduction 5
7 What is CERT? Center of Internet security expertise Established in 1988 by the US Department of Defense in 1988 on the heels of the Morris worm that created havoc on the ARPANET, the precursor to what is the Internet today Located in the Software Engineering Institute (SEI) Federally Funded Research & Development Center (FFRDC) Operated by Carnegie Mellon University (Pittsburgh, Pennsylvania) 6
8 Overview of Talk Background Introduction Evolution of CERT s insider threat research Insider IT Sabotage Key Observations Case examples Statistics MERIT Models of Insider IT Sabotage Common Sense Guide Best Practices Future Work 7
9 Background 8
10 2006 e-crime Watch Survey CSO Magazine, USSS & CERT 434 respondents Percentage of Incidents With no Source Identified Percentage of insiders versus outsiders insiders outsiders 9
11 Percentage of Participants Who Experienced an Insider Incident ( )
12 Types of Insider Crimes Fraud: obtaining property or services from the organization unjustly through deception or trickery. Theft of Information: stealing confidential or proprietary information from the organization. IT Sabotage: acting with intention to harm a specific individual, the organization, or the organization s data, systems, and/or daily business operations. 11
13 Examples of Insider Crimes Fraud examples: Sale of confidential information (SSN, credit card numbers, etc ) Modification of critical data for pay (driver s license records, criminal records, welfare status, etc ) Stealing of money (financial institutions, government organizations, etc ) Theft of Information examples: Theft of customer information Theft of source code Theft of organization s data Sabotage examples: Deletion of information Bringing down systems Web site defacement to embarrass organization 12
14 Evolution of CERT Insider Threat Research Insider threat case studies U.S. Department Of Defense Personnel Security Research Center (PERSEREC) CERT/U.S. Secret Service Insider Threat Study Best practices Carnegie Mellon CyLab Common Sense Guide to Prevention and Detection of Insider Threats System dynamics modeling Carnegie Mellon CyLab Management and Education on the Risk of Insider Threat (MERIT) PERSEREC 13
15 CERT/USSS Insider Threat Study Definition of insider: Current or former employees or contractors who o o intentionally exceeded or misused an authorized level of access to networks, systems or data in a manner that targeted a specific individual or affected the security of the organization s data, systems and/or daily business operations 14
16 Insider Threat Study Funded by US Secret Service (partially by Department of Homeland Security) Examined technical & psychological aspects Analyzed actual cases to develop information for prevention & early detection Methodology: Collected cases (150) Codebooks Interviews Reports Training 15
17 Insider Threat Study Case Breakdown IT Sabotage: 54 Fraud: 44 Theft of IP: cases total 16
18 Next: The Big Picture Important aspects of the insider threat problem: Interaction of policies, practices, and technology over time Interaction between psychological & technical aspects of the problem Need for innovative training materials CyLab funding: MERIT: Management and Education of the Risk of Insider Threat Initial Proof of Concept: insider IT sabotage 17
19 Definition of Insider IT Sabotage Cases across critical infrastructure sectors in which the insider s primary goal was to sabotage some aspect of an organization or direct specific harm toward an individual(s). 18
20 Insider IT Sabotage Key Observations 19
21 Who Were the Saboteurs? Age: Gender: mostly males Variety of racial & ethnic backgrounds Marital status: fairly evenly split married versus single Almost 1/3 had previous arrests 20
22 Observation #1: Most insiders had personal predispositions that contributed to their risk of committing malicious acts. 21
23 Case Example Observation #1 A database administrator wipes out critical data after her supervisor and coworkers undermine her authority. 22
24 Personal Predispositions 60% 40% Exhibited Unknown 23
25 Observation #2: Most insiders disgruntlement is due to unmet expectations. 24
26 Case Example Observation #2 A network engineer retaliates after his hope of recognition and technical control are dashed. 25
27 Unmet Expectations No Unmet Expectations 100% Unmet Expectations ** Data was only available for 25 cases 26
28 Observation #3: In most cases, stressors, including sanctions and precipitating events, contributed to the likelihood of insider IT sabotage. 27
29 Case Example Observation #3 A disgruntled system administrator strikes back after his life begins to fall apart personally and professionally. 28
30 Stressors /Sanctions/Precipitating Events Unknown 3% Stressors/Sanctions/ Precipitating Events 97% 29
31 Observation #4: Behavioral precursors were often observable in insider IT sabotage cases but ignored by the organization. 30
32 Case Example Observation #4 A weird tech guy is able to attack following termination because no one recognizes the danger signs. 31
33 Behavioral Precursors 20% No concerning behavior 80% Concerning behavior 32
34 Observation #5: Insiders created or used access paths unknown to management to set up their attack and conceal their identity or actions. The majority attacked after termination. 33
35 Case Example Observation #5 The weird tech guy realizes the end is near so he sneakily sets up his attack. 34
36 Created or used unknown access paths No unknown access paths 25% 75% Unknown access paths 35
37 Observation #6: In many cases, organizations failed to detect technical precursors. 36
38 Case Example Observation #6 A logic bomb sits undetected for 6 months before finally wreaking havoc on a telecommunications firm. 37
39 Technical precursors undetected No Undetected technical precursors 13% 87% Undetected technical precursors 38
40 Observation #7: Lack of physical and electronic access controls facilitated IT sabotage. 39
41 Case Example Observation #7 Emergency services are forced to rely on manual address lookups for 911 calls when an insider sabotages the system. 40
42 Lack of Access Controls Adequate Access Controls 7% 93% Inadequate Access Controls 41
43 MERIT Model(s) Insider IT Sabotage 42
44 System Dynamics Approach A method and supporting toolset To holistically model, document, and analyze Complex problems as they evolve over time And develop effective mitigation strategies That balance competing concerns System Dynamics supports simulation to Validate characterization of problem Test out alternate mitigation strategies 43
45 MERIT Model Extreme Overview actual risk of insider attack technical precursor disgruntlement behavioral precursor sanctions discovery of precursors technical monitoring ability to conceal activity unknown access paths behavioral monitoring perceived risk of insider attack insider's unmet expectation org's trust of insider insider's expectation expectation fulfillment personal predisposition precipitating event
46 MERIT Model Details insider's unmet expectation O S S O O changing disgruntlement R2 disgruntlement sanctioning escalation S Insider disgruntlement B3 acting inappropriately offline employee intervention S disgruntlement control through employee intervention Behavioral precursors time to realize insider responsible S sanctioning B2 insider attack gratification S Sanctions S Severity of actions perceived by org S attack threshold Attack damage executing attack technical monitoring quality <acting inappropriately offline> S Attack damage potential R3 attack concealment increasing damage potential R4 attack escalation S Insider access paths acquiring unknown to unknown paths org S S insider desire to conceal actions S Technical precursors acting inappropriately online S S predisposition for technical sabotage forgetting paths discovering paths S Insider access paths known to org disabling known paths S B1 expectation re-alignment S falling expectation R1 Expectation by insider expectation fulfillment S expectation escalation O S rising expectation precipitating event technical freedom given insider <insider access path creation ability> <Insider access paths known to org> <paths insider needs to do job> B5 attack control by limiting ability to create access paths S Insider risk perceived by org insider access path creation ability O auditing S audit quality B4 attack control by disabling paths termination termination time threshold Insider employment status 45
47 Best Practices 46
48 CyLab Common Sense Guide - Best Practices Institute periodic enterprise-wide risk assessments. Institute periodic security awareness training for all employees. Enforce separation of duties and least privilege. Implement strict password and account management policies and practices. Log, monitor, and audit employee online actions. Use extra caution with system administrators and privileged users. Actively defend against malicious code. Use layered defense against remote attacks. Monitor and respond to suspicious or disruptive behavior. Deactivate computer access following termination. Collect and save data for use in investigations. Implement secure backup and recovery processes. Clearly document insider threat controls. 47
49 New Starts & Future Work New Starts Requirements for insider threat detection tools CyLab MERIT-IA (MERIT InterActive) o Analysis of current cases Future Work Self-directed risk assessment Best practice collaboration Investigative guidelines Extension/analysis of MERIT model Insider threat workshops 48
50 Questions / Comments 49
51 Points of Contact Insider Threat Team Lead: Dawn M. Cappelli Senior Member of the Technical Staff CERT Programs Software Engineering Institute Carnegie Mellon University 4500 Fifth Avenue Pittsburgh, PA Phone Business Development: Joseph McLeod Business Manager Software Engineering Institute Carnegie Mellon University 4500 Fifth Avenue Pittsburgh, PA Phone FAX Mobile System Dynamics Modeling Lead: Andrew P. Moore Senior Member of the Technical Staff CERT Programs Software Engineering Institute Carnegie Mellon University 4500 Fifth Avenue Pittsburgh, PA Phone 50
Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks
Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks Dawn M. Cappelli Andrew P. Moore CERT Program Software Engineering Institute Carnegie Mellon University 04/09/08 Session Code:DEF-203
More informationThe Key to Successful Monitoring for Detection of Insider Attacks
The Key to Successful Monitoring for Detection of Insider Attacks Dawn M. Cappelli Randall F. Trzeciak Robert Floodeen Software Engineering Institute CERT Program Session ID: GRC-302 Session Classification:
More informationCommon Sense Guide to Prevention and Detection of Insider Threats
Common Sense Guide to Prevention and Detection of Insider Threats 2 nd Edition July 2006 Version 2.1 Carnegie Mellon University CyLab Authors Dawn Cappelli Andrew Moore Timothy J. Shimeall Randall Trzeciak
More informationRisk Mitigation Strategies: Lessons Learned from Actual Insider Attacks
Risk Mitigation trategies: Lessons Learned from Actual Insider Attacks Randy Trzeciak eptember 24, 2012 http://www.cert.org/insider_threat/ 2012 Carnegie Mellon University Notices 2012 Carnegie Mellon
More informationInsider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage. CERT Insider Threat Center
Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage CERT Insider Threat Center April 2011 NOTICE: THIS TECHNICAL DATA IS PROVIDED PURSUANT TO GOVERNMENT CONTRACT
More informationOverview Presented by: Boyd L. Summers
Overview Presented by: Boyd L. Summers Systems & Software Technology Conference SSTC May 19 th, 2011 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection
More informationReport Documentation Page
(c)2002 American Institute Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the
More informationThe CERT Top 10 List for Winning the Battle Against Insider Threats
The CERT Top 10 List for Winning the Battle Against Insider Threats Dawn Cappelli CERT Insider Threat Center Software Engineering Institute Carnegie Mellon University Session ID: STAR-203 Session Classification:
More informationUsing the Advancement Degree of Difficulty (AD 2 ) as an input to Risk Management
Using the Advancement Degree of Difficulty (AD 2 ) as an input to Risk Management James W. Bilbro JB Consulting International Huntsville, AL Multi-dimensional Assessment of Technology Maturity Technology
More informationAsset Management- Acquisitions
Indefinite Delivery, Indefinite Quantity (IDIQ) contracts used for these services: al, Activity & Master Plans; Land Use Analysis; Anti- Terrorism, Circulation & Space Management Studies; Encroachment
More informationTutorial: Cloud Computing Security
Tutorial: Cloud Computing Security William R. Claycomb, PhD. Lead Research Scientist CERT Enterprise Threat and Vulnerability Management Team 2007-2012 Carnegie Mellon University Agenda Background: Cloud
More informationDEFENSE CONTRACT AUDIT AGENCY
DEFENSE CONTRACT AUDIT AGENCY Fundamental Building Blocks for an Acceptable Accounting System Presented by Sue Reynaga DCAA Branch Manager San Diego Branch Office August 24, 2011 Report Documentation Page
More informationIssue Paper. Wargaming Homeland Security and Army Reserve Component Issues. By Professor Michael Pasquarett
Issue Paper Center for Strategic Leadership, U.S. Army War College May 2003 Volume 04-03 Wargaming Homeland Security and Army Reserve Component Issues By Professor Michael Pasquarett Background The President
More informationSpotlight On: Insider Threat from Trusted Business Partners
Spotlight On: Insider Threat from Trusted Business Partners February 2010 Robert M. Weiland Andrew P. Moore Dawn M. Cappelli Randall F. Trzeciak Derrick Spooner This work was funded by Copyright 2010 Carnegie
More informationCERT Virtual Flow Collection and Analysis
CERT Virtual Flow Collection and Analysis For Training and Simulation George Warnagiris 2011 Carnegie Mellon University Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden
More informationCAPTURE-THE-FLAG: LEARNING COMPUTER SECURITY UNDER FIRE
CAPTURE-THE-FLAG: LEARNING COMPUTER SECURITY UNDER FIRE LCDR Chris Eagle, and John L. Clark Naval Postgraduate School Abstract: Key words: In this paper, we describe the Capture-the-Flag (CTF) activity
More informationDCAA and the Small Business Innovative Research (SBIR) Program
Defense Contract Audit Agency (DCAA) DCAA and the Small Business Innovative Research (SBIR) Program Judice Smith and Chang Ford DCAA/Financial Liaison Advisors NAVAIR 2010 Small Business Aviation Technology
More informationHeadquarters U.S. Air Force
Headquarters U.S. Air Force I n t e g r i t y - S e r v i c e - E x c e l l e n c e Air Force Technology Readiness Assessment (TRA) Process for Major Defense Acquisition Programs LtCol Ed Masterson Mr
More informationRT 24 - Architecture, Modeling & Simulation, and Software Design
RT 24 - Architecture, Modeling & Simulation, and Software Design Dennis Barnabe, Department of Defense Michael zur Muehlen & Anne Carrigy, Stevens Institute of Technology Drew Hamilton, Auburn University
More informationInsider Threat Study:
Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors Michelle Keeney, J.D., Ph.D. Eileen Kowalski National Threat Assessment Center United States Secret Service Washington,
More informationGuide to Using DoD PKI Certificates in Outlook 2000
Report Number: C4-017R-01 Guide to Using DoD PKI Certificates in Outlook 2000 Security Evaluation Group Author: Margaret Salter Updated: April 6, 2001 Version 1.0 National Security Agency 9800 Savage Rd.
More informationCommon Sense Guide to Prevention and Detection of Insider Threats 3rd Edition Version 3.1
Common Sense Guide to Prevention and Detection of Insider Threats 3rd Edition Version 3.1 Dawn Cappelli Andrew Moore Randall Trzeciak Timothy J. Shimeall January 2009 This work was funded by Copyright
More informationRSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief
RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The
More informationCommon Sense Guide to Prevention and Detection of Insider Threats
Common Sense Guide to Prevention and Detection of Insider Threats Dawn Cappelli, Andrew Moore, Timothy Shimeall, US CERT Produced by US CERT, a government organization Table of Contents INTRODUCTION 3
More informationSoftware Security Engineering: A Guide for Project Managers
Software Security Engineering: A Guide for Project Managers Gary McGraw Julia H. Allen Nancy Mead Robert J. Ellison Sean Barnum May 2013 ABSTRACT: Software is ubiquitous. Many of the products, services,
More informationELECTRONIC HEALTH RECORDS. Fiscal Year 2013 Expenditure Plan Lacks Key Information Needed to Inform Future Funding Decisions
United States Government Accountability Office Report to Congressional July 2014 ELECTRONIC HEALTH RECORDS Fiscal Year 2013 Expenditure Plan Lacks Key Information Needed to Inform Future Funding Decisions
More information2010 2011 Military Health System Conference
2010 2011 Military Health System Conference Population Health Management The Missing Element of PCMH Sharing The Quadruple Knowledge: Aim: Working Achieving Together, Breakthrough Achieving Performance
More informationInsider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination
Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination Michael Hanley Joji Montelibano October 2011 TECHNICAL NOTE CMU/SEI-2011-TN-024 CERT Program http://www.sei.cmu.edu
More informationRecession Calls for Better Change Management Separation of duties, logging paramount in times of great, rapid change
Recession Calls for Better Change Management Separation of duties, logging paramount in times of great, rapid change Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI Final Draft for March 2009 CSI Alert I
More informationJohn Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011
John Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the
More informationAn Application of an Iterative Approach to DoD Software Migration Planning
An Application of an Iterative Approach to DoD Software Migration Planning John Bergey Liam O Brien Dennis Smith September 2002 Product Line Practice Initiative Unlimited distribution subject to the copyright.
More informationEAD Expected Annual Flood Damage Computation
US Army Corps of Engineers Hydrologic Engineering Center Generalized Computer Program EAD Expected Annual Flood Damage Computation User's Manual March 1989 Original: June 1977 Revised: August 1979, February
More information2012 CyberSecurity Watch Survey
2012 CyberSecurity Watch Survey Unknown How 24 % Bad is the Insider Threat? 51% 2007-2013 Carnegie Mellon University 2012 Carnegie Mellon University NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY
More informationPima Community College Planning Grant For Autonomous Intelligent Network of Systems (AINS) Science, Mathematics & Engineering Education Center
Pima Community College Planning Grant For Autonomous Intelligent Network of Systems (AINS) Science, Mathematics & Engineering Education Center Technical Report - Final Award Number N00014-03-1-0844 Mod.
More informationMr. Steve Mayer, PMP, P.E. McClellan Remediation Program Manger Air Force Real Property Agency. May 11, 2011
Mr. Steve Mayer, PMP, P.E. McClellan Remediation Program Manger Air Force Real Property Agency May 11, 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection
More informationLeveraging Privileged Identity Governance to Improve Security Posture
Leveraging Privileged Identity Governance to Improve Security Posture Understanding the Privileged Insider Threat It s no secret that attacks on IT systems and information breaches have increased in both
More informationCancellation of Nongroup Health Insurance Policies
Cancellation of Nongroup Health Insurance Policies Bernadette Fernandez Specialist in Health Care Financing Annie L. Mach Analyst in Health Care Financing November 19, 2013 Congressional Research Service
More informationIn June 1998 the Joint Military Intelligence. Intelligence Education for Joint Warfighting A. DENIS CLIFT
Defense Intelligence Analysis Center, home of JMIC. Intelligence Education for Joint Warfighting Courtesy Joint Military Intelligence College By A. DENIS CLIFT In June 1998 the Joint Military Intelligence
More informationFIRST IMPRESSION EXPERIMENT REPORT (FIER)
THE MNE7 OBJECTIVE 3.4 CYBER SITUATIONAL AWARENESS LOE FIRST IMPRESSION EXPERIMENT REPORT (FIER) 1. Introduction The Finnish Defence Forces Concept Development & Experimentation Centre (FDF CD&E Centre)
More informationCyber Security Training and Awareness Through Game Play
Cyber Security Training and Awareness Through Game Play Benjamin D. Cone, Michael F. Thompson, Cynthia E. Irvine, and Thuy D. Nguyen Naval Postgraduate School, Monterey, CA 93943, USA {bdcone,mfthomps,irvine,tdnguyen}@nps.edu
More informationGAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement
GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,
More informationAUSTRALIAN INNOVATIONS
AUSTRALIAN INNOVATIONS Recent Developments in Australian EVM Practices Jim Muir & Kirsty McLean October 1998 REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 Public reporting burder for this collection
More informationInformation Technology Cyber Security Policy
Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please
More informationAdvanced Micro Ring Resonator Filter Technology
Advanced Micro Ring Resonator Filter Technology G. Lenz and C. K. Madsen Lucent Technologies, Bell Labs Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection
More information73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation
73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation 21-23 June 2005, at US Military Academy, West Point, NY 712CD For office use only 41205 Please complete this form 712CD as your cover
More informationA GPS Digital Phased Array Antenna and Receiver
A GPS Digital Phased Array Antenna and Receiver Dr. Alison Brown, Randy Silva; NAVSYS Corporation ABSTRACT NAVSYS High Gain Advanced GPS Receiver (HAGR) uses a digital beam-steering antenna array to enable
More informationBryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest
Bryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest Look back on 2010 Agenda Incident types Inside Job? Source of Risk Role of Encryption Some Conclusions 2010 A Year In Review
More informationADVANCED NETWORK SECURITY PROJECT
AFRL-IF-RS-TR-2005-395 Final Technical Report December 2005 ADVANCED NETWORK SECURITY PROJECT Indiana University APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. AIR FORCE RESEARCH LABORATORY INFORMATION
More informationTHE MIMOSA OPEN SOLUTION COLLABORATIVE ENGINEERING AND IT ENVIRONMENTS WORKSHOP
THE MIMOSA OPEN SOLUTION COLLABORATIVE ENGINEERING AND IT ENVIRONMENTS WORKSHOP By Dr. Carl M. Powe, Jr. 2-3 March 2005 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden
More informationTen Tales of Betrayal: The Threat to Corporate Infrastructures by Information Technology Insiders Analysis and Observations
Technical Report 05-13 September 2005 Ten Tales of Betrayal: The Threat to Corporate Infrastructures by Information Technology Insiders Analysis and Observations Eric D. Shaw Consulting & Clinical Psychology,
More informationMobile Robot Knowledge Base
Mobile Robot Knowledge Base Tracy Heath Pastore* a, Mitchell Barnes** a, Rory Hallman b b SPAWAR Systems Center, San Diego, Code 2371, 53560 Hull Street, San Diego, CA 92152; b Computer Sciences Corporation,
More informationInsider Threat Security Reference Architecture
Insider Threat Security Reference Architecture Joji Montelibano Andrew Moore April 2012 TECHNICAL REPORT CMU/SEI-2012-TR-007 ESC-TR-2012-007 CERT Program http://www.sei.cmu.edu Copyright 2012 Carnegie
More informationArmy Environmental Policy and ISO 14001
Army Environmental Policy and ISO 14001 Army Environmental Policy and ISO 14001 Rick Sinclair and Rochie Tschirhart Since the 1970s, the U.S. Army has instituted environmental policies, programs, regulations,
More informationInsider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources
Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources George J. Silowash Christopher King January 2013 TECHNICAL NOTE CMU/SEI-2013-TN-002
More informationCOUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide
COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the
More informationMonitoring of Arctic Conditions from a Virtual Constellation of Synthetic Aperture Radar Satellites
DISTRIBUTION STATEMENT A. Approved for public release; distribution is unlimited. Monitoring of Arctic Conditions from a Virtual Constellation of Synthetic Aperture Radar Satellites Hans C. Graber RSMAS
More informationINFORMATION TECHNOLOGY POLICY
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE INFORMATION TECHNOLOGY POLICY Name Of : DPW Information Security and Privacy Policies Domain: Security Date Issued: 05/09/2011 Date Revised: 11/07/2013
More informationExplorations of Science in Cyber Security
Explorations of cience in Cyber ecurity Dr. Greg hannon@cert.org Chief cientist October, 2012 +1 (412) 268-8545 www.sei.cmu.edu/about/people/shannon.cfm 2011 Carnegie Mellon University My cience of Cyber
More informationDEFENSE BUSINESS PRACTICE IMPLEMENTATION BOARD
Defense Business Practice Implementation Board DEFENSE BUSINESS PRACTICE IMPLEMENTATION BOARD Report to the Senior Executive Council, Department of Defense MANAGEMENT INFORMATION TASK GROUP Report FY02-3
More informationResults Oriented Change Management
Results Oriented Change Management Validating Change Policy through Auditing Abstract Change management can be one of the largest and most difficult tasks for a business to implement, monitor and control
More informationA DOCTORAL PROGRAM WITH SPECIALIZATION IN INFORMATION SECURITY A High Assurance Constructive Security Approach
A DOCTORAL PROGRAM WITH SPECIALIZATION IN INFORMATION SECURITY A High Assurance Constructive Security Approach Cynthia E. Irvine and Timothy E. Levin Department of Computer Science, Naval Postgraduate
More informationPROBLEM STATEMENT: Will reducing the ASD for Kadena AB F-15 C/Ds increase the CPFH for this Mission Design Series (MDS)?
CONSULTING REPORT Kadena F-15 C/D Cost per Flying Hour Analysis PROJECT MANAGERS: Capt Jeremy Howe and Capt Kevin Dawson AFLMA PROJECT NUMBER: LM200520700 16 August 2005 BACKGROUND: Kadena AB is currently
More informationA B S T R A C T. Index Terms : Framework, threats, skill, social engineering, risks, insider. I. INTRODUCTION
A Framework to Mitigate the Social Engineering Threat to Information Security Rakesh Kumar*, Dr Hardeep Singh. Khalsa college for women, Amritsar, Guru Nanak Dev University, Amritsar rakeshmaster1980@rediffmail.com*,
More informationSpectorSoft 2014 Insider Threat Survey
SpectorSoft 2014 Insider Threat Survey An overview of the insider threat landscape and key strategies for mitigating the threat challenge Executive Summary SpectorSoft recently surveyed 355 IT professionals,
More informationHigh-Risk User Monitoring
Whitepaper High-Risk User Monitoring Using ArcSight IdentityView to Combat Insider Threats Research 037-081910-02 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com
More informationHow To Audit The Mint'S Information Technology
Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit
More informationIMS-ISA Incident Response Guideline
THE UNIVERSITY OF TEXAS HEALTH SCIENCE CENTER AT SAN ANTONIO IMS-ISA Incident Response Guideline Incident Response Information Security and Assurance 12/31/2009 This document serves as a guideline for
More informationwww.veriato.com Employment Termination Policy
www.veriato.com Employment Termination Policy Employment Termination Policy When an employee s relationship with a company is terminated, whether voluntarily or involuntarily, it is the responsibility
More informationTITLE: The Impact Of Prostate Cancer Treatment-Related Symptoms On Low-Income Latino Couples
AD Award Number: W81WH-07-1-0069 TITLE: The Impact Of Prostate Cancer Treatment-Related Symptoms On Low-Income Latino Couples PRINCIPAL INVESTIGATOR: Sally L. Maliski, Ph.D., R.N. CONTRACTING ORGANIZATION:
More informationDocument Title: System Administrator Policy
Document Title: System REVISION HISTORY Effective Date:15-Nov-2015 Page 1 of 5 Revision No. Revision Date Author Description of Changes 01 15-Oct-2015 Terry Butcher Populate into Standard Template Updated
More informationInsider Risk Evaluation and Audit
Technical Report 09-02 August 2009 Insider Risk Evaluation and Audit Eric D. Shaw Consulting & Clinical Psychology, Ltd. Lynn F. Fischer Defense Personnel Security Research Center Andrée E. Rose Northrop
More informationIT Trends and the Cyber Security Agenda
State of the States: IT Trends and the Cyber Security Agenda Executive Policy Forum on Cyber and Electronic Crime NGA Center for Best Practices September 9, 2008 Doug Robinson Executive Director NASCIO
More informationIISUP-. NAVAL SUPPLY SVSTE:MS COMMAND. Ready. Resourceful. Responsive!
~ IISUP-. NAVAL SUPPLY SVSTE:MS COMMAND Ready. Resourceful. Responsive! Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated
More informationAward Number: MIPR 3GD3DJ3078. TITLE: Outcome Analysis Tool for Army Refractive Surgery Program. PRINCIPAL INVESTIGATOR: Kraig S. Bower, M.D.
AD Award Number: MIPR 3GD3DJ3078 TITLE: Outcome Analysis Tool for Army Refractive Surgery Program PRINCIPAL INVESTIGATOR: Kraig S. Bower, M.D. CONTRACTING ORGANIZATION: Walter Reed Army Medical Center
More informationWhite Paper. Information Security -- Network Assessment
Network Assessment White Paper Information Security -- Network Assessment Disclaimer This is one of a series of articles detailing information security procedures as followed by the INFOSEC group of Computer
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationInformation Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
More informationIncident Reporting Guidelines for Constituents (Public)
Incident Reporting Guidelines for Constituents (Public) Version 3.0-2016.01.19 (Final) Procedure (PRO 301) Department: GOVCERT.LU Classification: PUBLIC Contents 1 Introduction 3 1.1 Overview.................................................
More informationChange Management: Automating the Audit Process
Change Management: Automating the Audit Process Auditing Change Management for Regulatory Compliance Abstract Change management can be one of the largest and most difficult tasks for a business to implement,
More informationNetwork Working Group. S. Crocker Trusted Information Systems, Inc. B. Fraser. Software Engineering Institute. November 1991
Network Working Group Request for Comments: 1281 R. Pethia Software Engineering Institute S. Crocker Trusted Information Systems, Inc. B. Fraser Software Engineering Institute November 1991 Status of this
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationDUVAL COUNTY PUBLIC SCHOOLS (DCPS) INFORMATION SECURITY PROGRAM SUBJECT: ACCEPTABLE USE POLICY (AUP) POLICY NUMBER: 8.71
ACCEPTABLE USE POLICY (AUP) POLICY NUMBER: 8.71 PURPOSE/SCOPE: This establishes the School Board Policy for Acceptable Use of Information Resources and applies to all users of DCPS information resources.
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationInsider Risk: What You Don t Know can Lead to Serious Consequences
Insider Risk: What You Don t Know can Lead to Serious Consequences Dawn Cappelli Vice President, Information Risk Management CISO Office Rockwell Automation PUBLIC INFORMATION Actual Insider Sabotage Case
More informationNiagara County Community College
Niagara County Community College NCCCnet Computer Usage Policy Document: NCCCnet Computer Usage Policy Owner: Chief Information Officer Version: 2.0 NCCCnet Policy Page 1 of 7 NCCCnet Use Policy Introduction:
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More informationTuesday, May 13, 2014 1:00-2:00 EDT. Is Your Credit Union Prepared for a DDoS Attack?
Tuesday, May 13, 2014 1:00-2:00 EDT Is Your Credit Union Prepared for a DDoS Attack? INTRODUCTION Dennis Dollar Principal Partner Dollar & Associates Former NCUA Chair Is Your Credit Union Prepared for
More informationHIGH-RISK USER MONITORING
HIGH-RISK USER MONITORING Using ArcSight IdentityView to Combat Insider Threats HP Enterprise Security Business Whitepaper Overview Security professionals once defended their networks against bots and
More informationAudit Report. Management and Security of Office of Budget and Program Analysis Information Technology Resources. U.S. Department of Agriculture
U.S. Department of Agriculture Office of Inspector General Southeast Region Audit Report Management and Security of Office of Budget and Program Analysis Information Technology Resources Report No. 39099-1-AT
More informationCommon Sense Guide to Mitigating Insider Threats 4 th Edition
Common Sense Guide to Mitigating Insider Threats 4 th Edition George Silowash Dawn Cappelli Andrew Moore Randall Trzeciak Timothy J. Shimeall Lori Flynn December 2012 TECHNICAL REPORT CMU/SEI-2012-TR-012
More informationAFRL-RX-WP-TP-2008-4023
AFRL-RX-WP-TP-2008-4023 HOW KILLDEER MOUNTAIN MANUFACTURING IS OPTIMIZING AEROSPACE SUPPLY CHAIN VISIBILITY USING RFID (Postprint) Jeanne Duckett Killdeer Mountain Manufacturing, Inc. FEBRUARY 2008 Final
More informationNETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO-6011-09 TABLE OF CONTENTS
OFFICE OF THE CHIEF INFORMATION OFFICER NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO-6011-09 Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: TABLE OF CONTENTS Section
More informationDr. Gary S. E. Lagerloef Earth and Space Research, 1910 Fairview Ave E
Establishing a NOAA Operational Data Center for Surface Currents Derived from Satellite Altimeters and Scatterometers; Pilot Study for the Tropical Pacific Including the Hawaiian Islands and US Territorial
More informationGAO INFORMATION SECURITY. FBI Needs to Address Weaknesses in Critical Network
GAO United States Government Accountability Office Report to the Honorable F. James Sensenbrenner Jr., House of Representatives April 2007 INFORMATION SECURITY FBI Needs to Address Weaknesses in Critical
More informationTOP 3. Reasons to Give Insiders a Unified Identity
TOP 3 Reasons to Give Insiders a Unified Identity Although much publicity around computer security points to hackers and other outside attacks, insider threats can be particularly insidious and dangerous,
More informationMust score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.
April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More information