2012 CyberSecurity Watch Survey



Similar documents
Exploring the Interactions Between Network Data Analysis and Security Information/Event Management

Supply-Chain Risk Management Framework

Monitoring Trends in Network Flow for Situational Awareness

Overview. CMU/SEI Cyber Innovation Center. Dynamic On-Demand High-Performance Computing System. KVM and Hypervisor Security.

Moving Target Reference Implementation

Network Analysis with isilk

The Key to Successful Monitoring for Detection of Insider Attacks

SOA for Healthcare: Promises and Pitfalls

Contracting Officer s Representative (COR) Interactive SharePoint Wiki

The CERT Top 10 List for Winning the Battle Against Insider Threats

Network Monitoring for Cyber Security

Department of Homeland Security Cyber Resilience Review (Case Study) Matthew Butkovic Technical Manager - Cybersecurity Assurance, CERT Division

Assurance Cases for Design Analysis of Complex System of Systems Software

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division

Risk Management Framework

CERT Virtual Flow Collection and Analysis

CMMI for SCAMPI SM Class A Appraisal Results 2011 End-Year Update

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

Tutorial: Cloud Computing Security

Cyber Intelligence Workforce

Architectural Implications of Cloud Computing

A Study of Systems Engineering Effectiveness. Building a Business Case for Systems Engineering

How To Use Elasticsearch

VoIP in Flow A Beginning

Operationally Critical Threat, Asset, and Vulnerability Evaluation SM (OCTAVE SM ) Framework, Version 1.0

Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks

How To Ensure Security In A System

Applying Software Quality Models to Software Security

Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks

Building Resilient Systems: The Secure Software Development Lifecycle

Abuse of CPE Devices and Recommended Fixes

Buyer Beware: How To Be a Better Consumer of Security Maturity Models

Getting Started with Service- Oriented Architecture (SOA) Terminology

CMMI: What do we need to do in Requirements Management & Engineering?

UFO: Verification with Interpolants and Abstract Interpretation

Penetration Testing Tools

Common Testing Problems: Pitfalls to Prevent and Mitigate

Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage. CERT Insider Threat Center

Extending AADL for Security Design Assurance of the Internet of Things

Arcade Game Maker Pedagogical Product Line: Marketing and Product Plan

Information Asset Profiling

Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0

CITRIX SYSTEMS, INC. SOFTWARE LICENSE AGREEMENT

Computer Crime & Security Survey

Software Assurance Competency Model

Service Measurement Index Framework Version 2.1

Managing Security Risks in Modern IT Networks

ZIMPERIUM, INC. END USER LICENSE TERMS

Agile Development and Software Architecture: Understanding Scale and Risk

CSI/FBI 2000 COMPUTER CRIME AND SECURITY SURVEY

GENOA, a QOL HEALTHCARE COMPANY WEBSITE TERMS OF USE

Introduction to the OCTAVE Approach

An Application of an Iterative Approach to DoD Software Migration Planning

GENOA, a QoL HEALTHCARE COMPANY GENOA ONLINE SYSTEM TERMS OF USE

Non-Proprietary User Agreement BETWEEN

Software Security Engineering: A Guide for Project Managers

$100 SiLK Network Flow Sensor

REMOVE THIS COVER PAGE WHEN DOCUMENT IS READY FOR REVIEW AND SIGNATURE.

Third Party Software Used In PLEK500 (Utility for Win) v1.x.xx.xxx

emontage: An Architecture for Rapid Integration of Situational Awareness Data at the Edge

A Systematic Method for Big Data Technology Selection

Open Source Used In Cisco Instant Connect for ios Devices 4.9(1)

COLOCATION AGREEMENT. 1. Term and Payment for Services

Cybersecurity y Managing g the Risks

A Framework for Categorizing Key Drivers of Risk

(e) Upon our request, you agree to sign a non-electronic version of this TOS.

Mayfair EULA for Journal Office

Cloud Hosting Terms and Conditions

Inject Design General Terms & Conditions

APPENDIX E TO DIR CONTRACT NO. DIR-TSO-2567 SOFTWARE MAINTENANCE AGREEMENT

Incident Management Capability Metrics Version 0.1

Covered California. Terms and Conditions of Use

THE WORLD IS MOVING FAST, SECURITY FASTER.

Transcription:

2012 CyberSecurity Watch Survey Unknown How 24 % Bad is the Insider Threat? 51% 2007-2013 Carnegie Mellon University

2012 Carnegie Mellon University NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This presentation may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. This work was created in the performance of Federal Government Contract Number FA8721-05-C- 0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013. CERT is a registered mark owned by Carnegie Mellon University. 2

How Bad Is the Insider Threat? 3

2012 CyberSecurity Watch Survey -1 CSO Magazine, USSS, CERT & Deloitte 479 respondents Percentage of Participants Who Experienced an Insider Incident 33% of organizations have more than 5000 employees 40% of organizations have less than 500 employees 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 55% 49% 51% 53% 41% 39% 43% 2004 2005 2006 2007 2008 2010 2011 4

2012 CyberSecurity Watch Survey -2 51 % of respondents Damage caused by insider attacks more damaging than outsider attacks Most common insider cyber incident Unintentional exposure of private or sensitive data (63%) Access to/ use of information, systems or networks (34%) Theft of other (proprietary) info including customer records, (17%) financial records, etc.. Theft of personally identifiable information (PII) (15%) 5

2012 CyberSecurity Watch Survey -3 What percent of the Electronic Crime events are known or suspected to have been caused by : Unknown 17% 24% Unknown 26 % 24 % Outsiders 53% 6

2012 CyberSecurity Watch Survey -4 Which Electronic Crimes were more costly or damaging to your organization, those perpetrated by: Unknown Unknown 29% 24 % Outsiders 35% 37% 51% 7

2012 CyberSecurity Watch Survey -5 How Insider Intrusions Are Handled 9% 7% 3% 82% Internally (without legal action or law enforcement) Internally (with legal action) Externally (notifying law enforcement) Externally (filing a civil action) Reason(s) CyberCrimes were not referred for legal action 2012 2011 Damage level insufficient to warrant prosecution 40% 42% Could not identify the individual/ individuals responsible for committing the ecrime 37% 40% Lack of evidence/not enough information to prosecute 34% 39% Concerns about negative publicity 14% 12% Concerns about liability 9% 8% Concerns that competitors would use incident to their advantage Prior negative response from law enforcement 7% 6% 6% 5% Unaware that we could report these crimes 4% 4% L.E. suggested incident was national security related 4% N/A Other 11% 11% Don't know 20% 20% 8 8

2012 CyberSecurity Watch Survey -6 Percentage of insiders versus outsiders 100 80 71 80 68 69 66 73 69 60 40 20 29 20 32 31 34 27 31 0 2004 2005 2006 2007 2008 2010 2011 insiders outsiders 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information