1 / 13

Proactive Insider threat identification and treatment

COMBATING THE DECAY WITHIN. Proactive Insider threat identification and treatment. WHO. What. Conspiracy, Collusions and Collateral Damage. Acknowledge and Act. WHY. How. Overcoming denial. The thin line between privacy and protection. FAMOUSLY INFAMOUS. Michael Mitchell 1.

hogana
Download Presentation

Proactive Insider threat identification and treatment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. COMBATING THE DECAY WITHIN Proactive Insider threat identification and treatment

  2. WHO What Conspiracy, Collusions and Collateral Damage Acknowledge and Act WHY How Overcoming denial The thin line between privacy and protection

  3. FAMOUSLY INFAMOUS Michael Mitchell1 Shalin Jhaveri1 Kevin Downing2 ”An employee that was a well known danger, shot and killed a security guard—the guard was a father of three” “Disgruntled and fired for poor performance, sold employer’s trade secrets to competitor” “Gave trade secrets to a person he believed was an investor willing to finance a business in India” Roger Duronio3 Brandon Coughlin4 Matthew Keys5 Found guilty of computer sabotage and securities fraud for writing, planting, and disseminating malicious code that took down 2,000 servers. Exceed privileges to delete computer settings and patient information, as well as to make fraudulent technology purchases. Used his access as a former employee to help a hacker deface their website.

  4. CERT SEI/CMU6 Insiders can be current or former employees, contractors, sub-contractors, or other trusted business partners The CERT Insider Threat Center identifies five basic types of insider threat activities including: Sabotage Intellectual Property Theft Fraud Unintentional Insider Threat National Security Espionage

  5. SOURCE WITHOUT PERMISSION FOR EDUCATIONAL PURPOSES ONLY:https://dtexsystems.com/wp-content/uploads/2016/09/Dtex-2016-Cost-of-Insider-Threats-Infographic-01.png

  6. SOURCE WITHOUT PERMISSION FOR EDUCATIONAL PURPOSES ONLY:https://dtexsystems.com/wp-content/uploads/2016/09/Dtex-2016-Cost-of-Insider-Threats-Infographic-01.png

  7. Overcoming Denial

  8. MEASURING YOUR Maturity SOURCE: Unknown

  9. People Schedule a meeting with Human Resources, Legal, Internal Audit and Information Security to discuss formation of an insider threat program. Process Develop specific use cases for your organization and document processes to support use case discovery. Training Send employees responsible for program execution to external training. Similarly, develop internal training for all employees to “see something, say something.” Technology Consolidate and correlate your logs and data. Computer usage, physical access and human resource performance data are equally relevant for detection.

  10. SOURCE WITHOUT PERMISSION FOR EDUCATIONAL PURPOSES ONLY:https://dtexsystems.com/wp-content/uploads/2016/09/Dtex-2016-Cost-of-Insider-Threats-Infographic-01.png

  11. PRE-CRIME A VIEW FROM THE TOP

  12. REFERENCES 1.https://www.fbi.gov/file-repository/insider_threat_brochure.pdf 2.http://www.nationalinsiderthreatsig.org/pdfs/Insider%20Threats%20Incidents-Could%20They%20Happen%20To%20Your%20Organization.pdf 3.https://www.informationweek.com/ex-ubs-systems-admin-sentenced-to-97-months-in-jail/d/d-id/1049873? 4. https://www.healthcareinfosecurity.com/former-systems-administrator-gets-prison-time-a-10299 5. https://www.huffingtonpost.com/2013/03/19/matthew-keys-rogue-employee-hackers_n_2903021.html 6. CERT (SEI/CMU) Insider Threat Overview 7. 1 A Worst Practices Guide to Insider Threats: Lessons from Past Mistakes, American Academy of Arts and Sciences 8. Best Practices in Insider Threats in All Nations, Carnegie Mellon University Software Engineering Institute 9. DTEX Systems Information Graphic (Copied without permission for educational purposes only)

  13. Todd W. Colvin A business savvy converged security executive with a demonstrated ability to dissect critical operating processes for the purpose of identifying weaknesses and providing commercially reasonable recommendations to reduce financial, regulatory or legal impacts to any organization. Expert knowledge in the domains of Risk Identification and Mitigation, Security Governance, Revenue Generation and Protection, Regulatory and Marketplace Alignment. A global Chief Information Security Officer capable of leading businesses, governments and communities through a perpetual world of change. CERTIFICATIONS EDUCATION Master of Science Information Security and Assurance (MSISA) Concentration in Incident Response and Digital Forensics Upsilon Pi Epsilon Honor Society Singularly recognized as Outstanding Student for MSISA Program Norwich University (Northfield, VT), June 2017 Certified Protection Professional (CPP) Certified Information Systems Security Professional (CISSP) Certified Information Systems Auditor (CISA) Certified Information Systems Manager (CISM) GIAC Security and Network Auditor (GSNA)-GOLD CERT SEI/CMU Insider Threat Program Management (InTP) Certificate NACD/CERT Cybersecurity Oversight

More Related