Peter Sakaris, CISSP
Booz Allen Hamilton, 1299 Farnam Street, Suite 1230, Omaha, NE 68102
402-232-3829 [email protected]
The Insider Threat
Definition
An insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally or unintentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems and/or compromised the physical security of the organization.
CERT, http://www.cert.org/insider-threat/
Some important/potential indicators of an insider threat:
• Greed/financial need
• Vulnerability to blackmail
• Compulsive and destructive behavior
• Rebellious or passive-aggressive behavior
• Ethical “flexibility”
• Reduced loyalty
• Entitlement – narcissism (ego/self-image)
• Inability to assume responsibility for actions
• Intolerance of criticism
• Pattern of frustration and disappointment
Source: Combating the Insider Threat 2 May 2014 DHS, http://www.dss.mil/documents/ci/Insider-Threats.pdf
Indicators
Of those who have committed espionage since 1950:
• More than 1/3 had no security clearance
• Twice as many “insiders” volunteered as were recruited
• Naturalized U.S. citizens
• Most recent spies acted alone
• Nearly 85% passed information before being caught
• Out of the 11 most recent cases, 90% used computers while conducting espionage and 2/3 used the Internet to initiate contact
Commonalities
• Works odd hours without authorization
• Notable enthusiasm for overtime, weekend or unusual work schedules
• Unnecessarily copies material, especially if it is proprietary or classified
• Signs of vulnerability, such as drug or alcohol abuse, financial difficulties, gambling, illegal activities, poor mental health or hostile behavior
• Be on the lookout for warning signs among employees such as the acquisition of unexpected wealth, unusual foreign travel, irregular work hours or unexpected absences
Behavioral Indicators
Lone Wolf Phenomenon
• Vet everyone and every entity that can or does have access to internal networks from the outside or physical spaces
• Outward facing security combined with seamless security
• The specific program developed depends upon organizational culture, but general security principles apply
• Culture and process are important concepts
Program Development
Insider Threat Program Development
• Culture of the organization must encourage reporting
• Reporting mechanism must be clear and concise. Who do I call?
• Anonymity must be guaranteed
• Awareness and Training activities
– Discussion: policies, resources, and reporting methods
– Role playing
– Seminars
References
• US CERT, SEI, at Carnegie-Mellon University
• Department of Homeland Security
• Secret Service
• Federal Bureau of Investigation (CI and Cyber)
• National Insider Threat Task Force (USD(I))
• Defense Security Service (IS and CI)
Questions?