Trends in Insider Threat practice – what are the insider threat actors trying to do now? Trends in Insider Threat defense – what are the defenders trying to do now? Moderator: Michael Weir, Quanterion Solutions Incorporated. Panelists: Thomas "TJ" Vestal, AFRL/Rome; Bruce Gabrielson, CACI; Matthew Sweeney, SRC; Randy Trzeciak, Director CMU Insider Threat
Topic: Insider Threat
Insiders may have accounts that give them legitimate access to computer systems, access originally granted so they could perform their duties; these permissions could be abused to harm the organization. Insiders are often familiar with the organization's data and intellectual property as well as the methods that are in place to protect them. This makes it easier for the insider to circumvent any security controls of which they are aware. Physical proximity to data means that the insider does not need to hack into the organizational network through the outer perimeter by traversing firewalls; rather, they are in the building already, often with direct access to the organization's internal network. Insider threats are harder to defend against than attacks from outsiders, since the insider already has legitimate access to the organization's information and assets.
According to the Center for Development of Security Excellence (CDSE), an insider threat is defined as “the likelihood, risk or potential that an insider will use his or her authorized access, wittingly or unwittingly, to do harm to the security of the United States or the organization.” Insider threats may include harm to contractor or program information to the extent that the information impacts the contractor or agency’s obligations to protect classified national security information.
Presentation by Richard Cook on Next Generation Insider Threat.
Mark Troutman, Ph.D., Center for Infrastructure Protection and Homeland Security (CIP/HS) at the George Mason University; Paul Losiewicz, Ph.D., Quanterion Solutions Incorporated (Presenter)
Presentation by Paul Losiewicz.
Presentation by Trent Brunson on Localized Encryption Groups (LEG).
Presentation by Randall Trzeciak.
Presentation by Matthew Sweeney.
Presentation by Zbigniew Kalbarczyk on BYOD/Cloud and the Insider Threat.
The 2008 “The Insider Threat to Information Systems” SOAR was published by the Defense Technical Information Center (DTIC) under the Information Assurance Technology Analysis Center (IATAC). As heir to the IATAC, the Cyber Security and Information Systems Information Analysis Center (CSIAC) was asked to update the 2008 SOAR. The approach in producing this
The Insider Threat Workshop is a one-day review of current trends in Insider Threat tactics and remediation steps of interest to managers and Cyber Security professionals. The workshop provides an overview of the current state of understanding of who the “insiders” are, how they operate, what motivates them and what threats they pose to information systems.