Introduction to the Insider Threat workshop by Michael Weir.
Topic: Insider Threat
Insiders may have accounts giving them legitimate access to computer systems, with this access originally having been given to them to serve in the performance of their duties; these permissions could be abused to harm the organization. Insiders are often familiar with the organization's data and intellectual property as well as the methods that are in place to protect them. This makes it easier for the insider to circumvent any security controls of which they are aware. Physical proximity to data means that the insider does not need to hack into the organizational network through the outer perimeter by traversing firewalls; rather they are in the building already, often with direct access to the organization's internal network. Insider threats are harder to defend against than attacks from outsiders, since the insider already has legitimate access to the organization's information and assets.
According to the Center for Development of Security Excellence (CDSE), an insider threat is defined as “the likelihood, risk or potential that an insider will use his or her authorized access, wittingly or unwittingly, to do harm to the security of the United States or the organization.” Insider threats may include harm to contractor or program information to the extent that the information impacts the contractor or agency’s obligations to protect classified national security information.
Presentation by Bruce Gabrielson.
This report on the development of a management tool for security managers and their counterparts in human resource departments will help to assess personnel security programs and organizational processes on various dimensions of insider risk. The goal is to minimize the risk of a broad range of adverse insider behaviors. Based on past studies of insider
The Insider Threat provides comprehensive examination of the current state-of-the-art in addressing the insider threat as it pertains to information technology systems. This SOAR provides an overview of how the insider threat is defined and viewed across the government, industry, and academia and discusses the different policy, technical, and procedural
The report provides an analysis and overview of findings based on 10, detailed cases studies of IT insider offenses that are contained in a companion report, “Ten Tales of Betrayal: The Threat to Corporate Infrastructures by Information Technology Insiders Report 2 – Case Studies. (FOUO)” These case studies describe the actions of disgruntled or malicious