摘要 :
This fourth edition of the Common Sense Guide to Mitigating Insider Threats provides the most current recommendations of the CERT Program (part of Carnegie Mellon University's Software Engineering Institute), based on an expanded ...
展开
This fourth edition of the Common Sense Guide to Mitigating Insider Threats provides the most current recommendations of the CERT Program (part of Carnegie Mellon University's Software Engineering Institute), based on an expanded database of more than 700 insider threat cases and continued research and analysis. It introduces the topic of insider threats, explains its intended audience and how this guide differs from previous editions, defines insider threats, and outlines current patterns and trends. The guide then describes 19 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so. Each practice includes features new to this edition: challenges to implementation, quick wins and highimpact solutions for small and large organizations, and relevant security standards. This edition also focuses on six groups within an organization - human resources, legal, physical security, data owners, information technology, and software engineering - and maps the relevant groups to each practice. The appendices provide a revised list of information security best practices, a new mapping of the guide's practices to established security standards, a new breakdown of the practices by organizational group, and new checklists of activities for each practice.
收起
摘要 :
Cyber crimes committed by malicious insiders are among the most significant threats to networked systems and data. When developing policies and procedures for responding to cyber security events, it is important to consider the in...
展开
Cyber crimes committed by malicious insiders are among the most significant threats to networked systems and data. When developing policies and procedures for responding to cyber security events, it is important to consider the insider threat. A malicious insider is a trusted insider who abuses his trust to disrupt operations, corrupt data, exfiltrate sensitive information, or compromise an IT (information technology) system, causing loss or damage. Left unchecked, their rogue actions may compromise the nations ability to fend off future attacks and safeguard critical infrastructure assets, such as the electric power grid. In fact, some of the most damaging attacks against the government have been launched by trusted insiders. As increased information-sharing exposes sensitive information to more insiders, such attacks will become an increasingly serious threat. Their concerns are shared by the private sector, where corporations maintain valuable, highly sensitive information and financial institutions manage the flow of and access to electronic funds.
收起
摘要 :
This report describes a new insider threat study funded by the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) in collaboration with the U.S. Secret Service (USSS) and the CERT Insider Threat Ce...
展开
This report describes a new insider threat study funded by the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) in collaboration with the U.S. Secret Service (USSS) and the CERT Insider Threat Center, part of Carnegie Mellon University s Software Engineering Institute. Researchers extracted technical and behavioral patterns from 67 insider and 13 external fraud cases; all 80 cases occurred between 2005 and the present. Using this information, we developed insights and risk indicators of malicious insider activity within the banking and finance sector. This information is intended to help private industry, government, and law enforcement more effectively prevent, deter, detect, investigate, and manage insider threats in this sector.
收起