The Lethal Insider Threat
Dr. Emma Garrison-Alexander
University of Maryland University College
October 17, 2014
THE INSIDER THREAT
An insider threat is generally defined as a current or former employee, contractor…
Who has or had authorized access to an organization’s network, system or data…
Intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization’s information or information systems…
To include sabotage, theft, espionage, fraud…
Carried out through abusing access rights, theft of materials and mishandling of physical devices.
Source: National Center for Cybersecurity and Communications Integration Center (2014). Combating the Inside Threat.
CIOs & CISOs Worst Nightmare
THE EXECUTIVE
Executives Are Deaf, Make Them Listen
BREACHES ARE A GOOD THING!
HOME DEPOT SEPTEMBER 2014
56 MILLION CUSTOMERS AFFECTED
TARGET CORPORATION DECEMBER 2013
70 MILLION CUSTOMERS AFFECTED
JP MORGAN SEPTEMBER 2014
76 MILLION CUSTOMERS AFFECTED
THE EMPLOYEE CASE STUDY – News Headlines – Douglas Duchak
“TSA Worker Tried to Sabotage Terror Database” (Fox News, 2009)
“TSA Worker Gets 2 Years for Planting Logic Bomb in Screening System” (WIRED, 2011)
“Douglas Duchak, Ex-TSA Worker, Gets 2 Years For Planting Malware In Screening System” (Huffington Post, 2011)
WHAT YOU DON’T KNOW CAN HURT YOU
THE ENVIRONMENT INFORMATION TECHNOLOGY
THE GOOD, THE BAD, THE UGLY
Microsoft Releases October 2014 Security Bulletin
CYBER DEFENSE METHODOLOGY
Application Support
Managed Services
Basic Services
Enterprise Management Services
Physical Security
Facility
Desktop • Install • Maintenance
Server • Storage • Platform
Monitoring • Power • Pipe
Service Center • Asset Management
People • System • Interfaces
Structure • Environmental • Power
Security
Personnel & Training Policy
IDS
Focused Operations
Computer Network Defense
Network Intrusion Detection
Classification Management
Patch Management
End-Point Protection
Vulnerability Assessments
Key Focus Areas
1) Security Operations Center
2) Network Operations Center
3) Continuous Monitoring
4) Meta Data Management
5) Intrusion Detection
6) Incident Response
Continuous Monitoring
Meta Data Management • RBAC • PBAC • ABAC
Continuous Monitoring
“BUILD IN SECURITY” OR
“BUILD IN VULNERABILITY”
QUESTIONS???