SlideShare ist ein Scribd-Unternehmen logo

Developing Your Insider Threat Program: Insider Threat Best Practices

Als PPT, PDF herunterladen
Government Technology and Services Coalition
Government Technology and Services Coalition

Developing Your Insider Threat Program: Insider Threat Best Practices presented at The National Security Supply Chain: Reducing the Vulnerabilities meeting by the Government Technology & Services Coalition (GTSC)

BusinessTechnologie
1 von 17
Insider Threat: Best Practices Katherine D. Mills CENTRA Technology, Inc. CENTRA TECHNOLOGY, INC. 1
Threat is Now: Recent Malicious Insiders Major Nidal Hassan – Responsible for shooting at Fort Hood Texas Bradley Manning – Unauthorized disclosure to WikiLeaks Edward Snowden – Unauthorized disclosure of NSA surveillance programs Aaron Alexis – Responsible for shooting at the Washington Navy Yard CENTRA TECHNOLOGY, INC. 2
Why Consider Insider Threat?  Protect national security and corporate assets – We don’t want to be in the news  Will be required by Government – Changes to NISPOM – Required by Sponsors  Want to ensure we are taking positive steps to protect our company and assets CENTRA TECHNOLOGY, INC. 3
How to Begin…  Do your research: Tons of free resources available – CERT • Common Sense Guide to Mitigating Insider Threats – DSS • Insider threat video and brochures – FBI website and movie “Betrayed” – ONCIX website – ASIS • “Detecting the Insider Threat,” October 2013 CENTRA TECHNOLOGY, INC. 4
Steps  Team  Assets  Procedures  Awareness  Document plan CENTRA TECHNOLOGY, INC. 5
Step 1: Identify the Team  Identify team members who understand and can contribute to the mission: – – – – COO HR Security IT  Who will be responsible for: – – – – Drafting the plan Reporting to sponsors and Government Bi-monthly meetings Budget approval CENTRA TECHNOLOGY, INC. 6
Step 2: Understand Your Assets Conduct a risk assessment Talk to management about assets – What are the corporate jewels? – Are they currently protected? – How sensitive are they? • What is the risk if they are leaked? – Who has access to the information? CENTRA TECHNOLOGY, INC. 7
Step 3: Tighten Up Procedures  Tighten procedures – Termination procedures – Unclassified data handling and access  Document expectations to staff  Violation policy CENTRA TECHNOLOGY, INC. 8
Step 4: Security Education  Free cartoons, brochures, articles available – No need to reinvent the wheel!  Incorporate insider threat into annual refresher training  Monthly security news item on reporting  Updated current policies – Acceptable Use Policy  Ensure staff understand reporting; make it easy for staff to report confidentially CENTRA TECHNOLOGY, INC. 9
Step 5: Draft a Plan  Document what you have learned  Steps 1-4: – – – – Team What are assets and overall risk What procedures have been impacted Security education program  Work-in-progress CENTRA TECHNOLOGY, INC. 10
Confronting the Insider Threat “It is important for each company to identify what an insider threat is and to set a policy in place on how to deal with insider threats. The policies must outline certain types of behavior that warrant scrutiny, disciplinary action, or even termination so that companies have a basis from which to work when they do identify potential threats.” ASIS: October 2013 CENTRA TECHNOLOGY, INC. 11
Encourage Reporting  Encourage employees to report  Provide confidential means of reporting  Staff holding security clearance are required to report adverse information, including potential threats  Trust your instincts, if you see something, say something!  It is better to report something that turns out to be nothing than to not report a serious security issue CENTRA TECHNOLOGY, INC. 12
Detecting the Insider Post incident investigations reveal family, friends, or coworkers notice a suspect’s indicators, but they fail to report concerns “Subjects often tell people close to them what they are doing, and sometimes even engage associates in the process. Former intimates (spouses, lovers, close friends – people with whom they spent a good deal of time) are a potentially important source of information in all investigations.”* *Source: Declassified Director of Central Intelligence Memorandum of 12 April 1990; Subject: Project Slammer Interim Report CENTRA TECHNOLOGY, INC. 13
Threat Indicators  Apparent unexplained affluence or excessive indebtedness  Efforts to conceal foreign contacts, travel, or foreign interests  Access to information or IT systems without need-to-know  Exploitable behavior – criminal activity – excessive gambling – drug or alcohol abuse – problems at work  Questionable judgment or untrustworthiness CENTRA TECHNOLOGY, INC. 14
Threat Indicators, cont.  Apparent mental, emotional or personality disorders(s)  Disgruntled  Working odd or late hours  Unreported foreign travel  Suspicious foreign contacts  Unreported offer of financial assistance, gifts, or favors by a foreign national or stranger  Requesting access to information outside of official job duties including sensitive or classified information CENTRA TECHNOLOGY, INC. 15
Summary of Best Practices  Know your people; recognize concerning behaviors as potential indicators  Protect your “crown jewels”  Pay close attention at termination  Monitor ingress and egress points (IT systems and physical security)  Baseline normal activity and look for anomalies  Work together across organization  Educate employees regarding potential recruitment CENTRA TECHNOLOGY, INC. 16
Sources CENTRA TECHNOLOGY, INC. http://threatgeek.typepad.com/.a/6a0147e41f3c0a970b0177429dd0ce970d-pi 17

Empfohlen

Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chainTarun Gupta,CRISC CISSP CISM CISA BCCE
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziKashif Semple
 
Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentationIISPEastMids
 
Insider threat
Insider threatInsider threat
Insider threatARCON TECHSOLUTIONS
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider ThreatMurray Security Services
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insidersgjohansen
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 

Empfohlen

Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chainTarun Gupta,CRISC CISSP CISM CISA BCCE
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziKashif Semple
 
Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentationIISPEastMids
 
Insider threat
Insider threatInsider threat
Insider threatARCON TECHSOLUTIONS
 
Insider Threat Detection Recommendations
Insider Threat Detection RecommendationsInsider Threat Detection Recommendations
Insider Threat Detection RecommendationsAlienVault
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider ThreatMurray Security Services
 
Malicious Insiders
Malicious InsidersMalicious Insiders
Malicious Insidersgjohansen
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 
GTSC 5th Anniversary Annual Report: Steady in a Sea of Change
GTSC 5th Anniversary Annual Report: Steady in a Sea of ChangeGTSC 5th Anniversary Annual Report: Steady in a Sea of Change
GTSC 5th Anniversary Annual Report: Steady in a Sea of ChangeGovernment Technology and Services Coalition
 
Government Technology & Services Coalition 2015 Annual Report
Government Technology & Services Coalition 2015 Annual ReportGovernment Technology & Services Coalition 2015 Annual Report
Government Technology & Services Coalition 2015 Annual ReportGovernment Technology and Services Coalition
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsGovernment Technology and Services Coalition
 
GTSC Annual Meeting 2014: Michelle Mrdeza: What to Expect When You Are Expect...
GTSC Annual Meeting 2014: Michelle Mrdeza: What to Expect When You Are Expect...GTSC Annual Meeting 2014: Michelle Mrdeza: What to Expect When You Are Expect...
GTSC Annual Meeting 2014: Michelle Mrdeza: What to Expect When You Are Expect...Government Technology and Services Coalition
 
GTSC Annual Meeting 2014: Chani Wiggins: 114th Congress: Big Picture
GTSC Annual Meeting 2014: Chani Wiggins: 114th Congress: Big PictureGTSC Annual Meeting 2014: Chani Wiggins: 114th Congress: Big Picture
GTSC Annual Meeting 2014: Chani Wiggins: 114th Congress: Big PictureGovernment Technology and Services Coalition
 
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...Government Technology and Services Coalition
 
GTSC Annual Meeting 2014: BD Exchange
GTSC Annual Meeting 2014: BD ExchangeGTSC Annual Meeting 2014: BD Exchange
GTSC Annual Meeting 2014: BD ExchangeGovernment Technology and Services Coalition
 
GTSC June 2013 - November 2014 Annual Report
GTSC June 2013 - November 2014 Annual ReportGTSC June 2013 - November 2014 Annual Report
GTSC June 2013 - November 2014 Annual ReportGovernment Technology and Services Coalition
 
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber Survey
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber SurveyKristina Tanasichuk: Presentation of GTSC/InfraGard Cyber Survey
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber SurveyGovernment Technology and Services Coalition
 
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...Government Technology and Services Coalition
 
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...Government Technology and Services Coalition
 
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Government Technology and Services Coalition
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...Government Technology and Services Coalition
 
Antwayne Johnson: Alert/Notification Technologies: The Integrated Public Aler...
Antwayne Johnson: Alert/Notification Technologies: The Integrated Public Aler...Antwayne Johnson: Alert/Notification Technologies: The Integrated Public Aler...
Antwayne Johnson: Alert/Notification Technologies: The Integrated Public Aler...Government Technology and Services Coalition
 
Justin Chiarodo: Government Contracts & Insurance Issues: How Prepared is You...
Justin Chiarodo: Government Contracts & Insurance Issues: How Prepared is You...Justin Chiarodo: Government Contracts & Insurance Issues: How Prepared is You...
Justin Chiarodo: Government Contracts & Insurance Issues: How Prepared is You...Government Technology and Services Coalition
 
Todd Jasper: How Can We Leverage Technology to Improve Performance: Social Me...
Todd Jasper: How Can We Leverage Technology to Improve Performance: Social Me...Todd Jasper: How Can We Leverage Technology to Improve Performance: Social Me...
Todd Jasper: How Can We Leverage Technology to Improve Performance: Social Me...Government Technology and Services Coalition
 
Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...
Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...
Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...Government Technology and Services Coalition
 
Brian Lepore: The Evolving Threats: GAO's Report on DOD's Infrastructure Adap...
Brian Lepore: The Evolving Threats: GAO's Report on DOD's Infrastructure Adap...Brian Lepore: The Evolving Threats: GAO's Report on DOD's Infrastructure Adap...
Brian Lepore: The Evolving Threats: GAO's Report on DOD's Infrastructure Adap...Government Technology and Services Coalition
 
Brian Usher: The Evolving Threats: A Local Government Perspective
Brian Usher: The Evolving Threats: A Local Government PerspectiveBrian Usher: The Evolving Threats: A Local Government Perspective
Brian Usher: The Evolving Threats: A Local Government PerspectiveGovernment Technology and Services Coalition
 
David Kaufman: FEMA's Preparedness: A Leading, Agile, Focused Agency
David Kaufman: FEMA's Preparedness: A Leading, Agile, Focused AgencyDavid Kaufman: FEMA's Preparedness: A Leading, Agile, Focused Agency
David Kaufman: FEMA's Preparedness: A Leading, Agile, Focused AgencyGovernment Technology and Services Coalition
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 

Weitere ähnliche Inhalte

Mehr von Government Technology and Services Coalition

Mehr von Government Technology and Services Coalition (20)

GTSC 5th Anniversary Annual Report: Steady in a Sea of Change
GTSC 5th Anniversary Annual Report: Steady in a Sea of ChangeGTSC 5th Anniversary Annual Report: Steady in a Sea of Change
GTSC 5th Anniversary Annual Report: Steady in a Sea of Change
 
Government Technology & Services Coalition 2015 Annual Report
Government Technology & Services Coalition 2015 Annual ReportGovernment Technology & Services Coalition 2015 Annual Report
Government Technology & Services Coalition 2015 Annual Report
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government Contractors
 
GTSC Annual Meeting 2014: Michelle Mrdeza: What to Expect When You Are Expect...
GTSC Annual Meeting 2014: Michelle Mrdeza: What to Expect When You Are Expect...GTSC Annual Meeting 2014: Michelle Mrdeza: What to Expect When You Are Expect...
GTSC Annual Meeting 2014: Michelle Mrdeza: What to Expect When You Are Expect...
 
GTSC Annual Meeting 2014: Chani Wiggins: 114th Congress: Big Picture
GTSC Annual Meeting 2014: Chani Wiggins: 114th Congress: Big PictureGTSC Annual Meeting 2014: Chani Wiggins: 114th Congress: Big Picture
GTSC Annual Meeting 2014: Chani Wiggins: 114th Congress: Big Picture
 
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
 
GTSC Annual Meeting 2014: BD Exchange
GTSC Annual Meeting 2014: BD ExchangeGTSC Annual Meeting 2014: BD Exchange
GTSC Annual Meeting 2014: BD Exchange
 
GTSC June 2013 - November 2014 Annual Report
GTSC June 2013 - November 2014 Annual ReportGTSC June 2013 - November 2014 Annual Report
GTSC June 2013 - November 2014 Annual Report
 
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber Survey
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber SurveyKristina Tanasichuk: Presentation of GTSC/InfraGard Cyber Survey
Kristina Tanasichuk: Presentation of GTSC/InfraGard Cyber Survey
 
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
Sean McCloskey: How do we Strengthen the Public-Private Partnership to Mitiga...
 
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
Dr. Jim Murray: How do we Protect our Systems and Meet Compliance in a Rapidl...
 
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
 
Antwayne Johnson: Alert/Notification Technologies: The Integrated Public Aler...
Antwayne Johnson: Alert/Notification Technologies: The Integrated Public Aler...Antwayne Johnson: Alert/Notification Technologies: The Integrated Public Aler...
Antwayne Johnson: Alert/Notification Technologies: The Integrated Public Aler...
 
Justin Chiarodo: Government Contracts & Insurance Issues: How Prepared is You...
Justin Chiarodo: Government Contracts & Insurance Issues: How Prepared is You...Justin Chiarodo: Government Contracts & Insurance Issues: How Prepared is You...
Justin Chiarodo: Government Contracts & Insurance Issues: How Prepared is You...
 
Todd Jasper: How Can We Leverage Technology to Improve Performance: Social Me...
Todd Jasper: How Can We Leverage Technology to Improve Performance: Social Me...Todd Jasper: How Can We Leverage Technology to Improve Performance: Social Me...
Todd Jasper: How Can We Leverage Technology to Improve Performance: Social Me...
 
Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...
Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...
Kevin Delin: How Can We Leverage Technology to Improve Performance: The Senso...
 
Brian Lepore: The Evolving Threats: GAO's Report on DOD's Infrastructure Adap...
Brian Lepore: The Evolving Threats: GAO's Report on DOD's Infrastructure Adap...Brian Lepore: The Evolving Threats: GAO's Report on DOD's Infrastructure Adap...
Brian Lepore: The Evolving Threats: GAO's Report on DOD's Infrastructure Adap...
 
Brian Usher: The Evolving Threats: A Local Government Perspective
Brian Usher: The Evolving Threats: A Local Government PerspectiveBrian Usher: The Evolving Threats: A Local Government Perspective
Brian Usher: The Evolving Threats: A Local Government Perspective
 
David Kaufman: FEMA's Preparedness: A Leading, Agile, Focused Agency
David Kaufman: FEMA's Preparedness: A Leading, Agile, Focused AgencyDavid Kaufman: FEMA's Preparedness: A Leading, Agile, Focused Agency
David Kaufman: FEMA's Preparedness: A Leading, Agile, Focused Agency
 

Kürzlich hochgeladen

Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdftbatkhuu1
 
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...lizamodels9
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaShree Krishna Exports
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseri bangash
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 

Kürzlich hochgeladen (20)

Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
A305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdfA305_A2_file_Batkhuu progress report.pdf
A305_A2_file_Batkhuu progress report.pdf
 
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
Call Girls In Holiday Inn Express Gurugram➥99902@11544 ( Best price)100% Genu...
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in India
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 

Developing Your Insider Threat Program: Insider Threat Best Practices

  • 1. Insider Threat: Best Practices Katherine D. Mills CENTRA Technology, Inc. CENTRA TECHNOLOGY, INC. 1
  • 2. Threat is Now: Recent Malicious Insiders Major Nidal Hassan – Responsible for shooting at Fort Hood Texas Bradley Manning – Unauthorized disclosure to WikiLeaks Edward Snowden – Unauthorized disclosure of NSA surveillance programs Aaron Alexis – Responsible for shooting at the Washington Navy Yard CENTRA TECHNOLOGY, INC. 2
  • 3. Why Consider Insider Threat?  Protect national security and corporate assets – We don’t want to be in the news  Will be required by Government – Changes to NISPOM – Required by Sponsors  Want to ensure we are taking positive steps to protect our company and assets CENTRA TECHNOLOGY, INC. 3
  • 4. How to Begin…  Do your research: Tons of free resources available – CERT • Common Sense Guide to Mitigating Insider Threats – DSS • Insider threat video and brochures – FBI website and movie “Betrayed” – ONCIX website – ASIS • “Detecting the Insider Threat,” October 2013 CENTRA TECHNOLOGY, INC. 4
  • 5. Steps  Team  Assets  Procedures  Awareness  Document plan CENTRA TECHNOLOGY, INC. 5
  • 6. Step 1: Identify the Team  Identify team members who understand and can contribute to the mission: – – – – COO HR Security IT  Who will be responsible for: – – – – Drafting the plan Reporting to sponsors and Government Bi-monthly meetings Budget approval CENTRA TECHNOLOGY, INC. 6
  • 7. Step 2: Understand Your Assets Conduct a risk assessment Talk to management about assets – What are the corporate jewels? – Are they currently protected? – How sensitive are they? • What is the risk if they are leaked? – Who has access to the information? CENTRA TECHNOLOGY, INC. 7
  • 8. Step 3: Tighten Up Procedures  Tighten procedures – Termination procedures – Unclassified data handling and access  Document expectations to staff  Violation policy CENTRA TECHNOLOGY, INC. 8
  • 9. Step 4: Security Education  Free cartoons, brochures, articles available – No need to reinvent the wheel!  Incorporate insider threat into annual refresher training  Monthly security news item on reporting  Updated current policies – Acceptable Use Policy  Ensure staff understand reporting; make it easy for staff to report confidentially CENTRA TECHNOLOGY, INC. 9
  • 10. Step 5: Draft a Plan  Document what you have learned  Steps 1-4: – – – – Team What are assets and overall risk What procedures have been impacted Security education program  Work-in-progress CENTRA TECHNOLOGY, INC. 10
  • 11. Confronting the Insider Threat “It is important for each company to identify what an insider threat is and to set a policy in place on how to deal with insider threats. The policies must outline certain types of behavior that warrant scrutiny, disciplinary action, or even termination so that companies have a basis from which to work when they do identify potential threats.” ASIS: October 2013 CENTRA TECHNOLOGY, INC. 11
  • 12. Encourage Reporting  Encourage employees to report  Provide confidential means of reporting  Staff holding security clearance are required to report adverse information, including potential threats  Trust your instincts, if you see something, say something!  It is better to report something that turns out to be nothing than to not report a serious security issue CENTRA TECHNOLOGY, INC. 12
  • 13. Detecting the Insider Post incident investigations reveal family, friends, or coworkers notice a suspect’s indicators, but they fail to report concerns “Subjects often tell people close to them what they are doing, and sometimes even engage associates in the process. Former intimates (spouses, lovers, close friends – people with whom they spent a good deal of time) are a potentially important source of information in all investigations.”* *Source: Declassified Director of Central Intelligence Memorandum of 12 April 1990; Subject: Project Slammer Interim Report CENTRA TECHNOLOGY, INC. 13
  • 14. Threat Indicators  Apparent unexplained affluence or excessive indebtedness  Efforts to conceal foreign contacts, travel, or foreign interests  Access to information or IT systems without need-to-know  Exploitable behavior – criminal activity – excessive gambling – drug or alcohol abuse – problems at work  Questionable judgment or untrustworthiness CENTRA TECHNOLOGY, INC. 14
  • 15. Threat Indicators, cont.  Apparent mental, emotional or personality disorders(s)  Disgruntled  Working odd or late hours  Unreported foreign travel  Suspicious foreign contacts  Unreported offer of financial assistance, gifts, or favors by a foreign national or stranger  Requesting access to information outside of official job duties including sensitive or classified information CENTRA TECHNOLOGY, INC. 15
  • 16. Summary of Best Practices  Know your people; recognize concerning behaviors as potential indicators  Protect your “crown jewels”  Pay close attention at termination  Monitor ingress and egress points (IT systems and physical security)  Baseline normal activity and look for anomalies  Work together across organization  Educate employees regarding potential recruitment CENTRA TECHNOLOGY, INC. 16

Hinweis der Redaktion

  1. Here are the priorities for putting your plan in place We’ll discuss each of these in some detail
  2. According to ASIS article on Confronting the Insider Threat