© 2019 InfraGard National Capital Region Members Alliance.  

WARRANTY DISCLAIMER  The FBI, InfraGard, and its affiliates provide information, including but not limited to software, documentation, training, and other guidance to be known as “materials.” The materials are provided as-is and we expressly disclaim any and all warranties, express or implied, including, and without limitation, the implied warranties of merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment, and integration, and warranties arising out of course of dealing or usage of trade. You agree that, as between you and the FBI, InfraGard, and its affiliates, you are responsible for the outcome of the use of materials made available, including but not limited to adherence to licensing requirements, and taking legal and regulatory considerations into account. There is no guarantee of accuracy, completeness, timeliness, or correct sequencing of the information provided.


Vantage Point: Addressing the Insider Threat

 

At the recent InfraGard Southeast Region ISI, a panel of experts discussed ways to address insider threats. I took away several useful perspectives on the question, and wanted to share them with all of our members.

 

First, insider attacks come in a variety of forms, including personal fraud, IP theft, IT sabotage, physical attack, and active shooter. Not all of these attack types involve the use of technology.

 

Second, many insider attacks occur at key moments in the lifecycle of an employee or contractor. These key moments include when an employee or contractor is hired, transferred, terminated, put on a performance improvement plan, or subject to M&A activity. Each of these moments represents a change for both the employee and the company - whether a seemingly positive change or a potentially difficult one. Some of these events may result in a change of attitude by a previously loyal employee.

 

Third, it is critical to understand "normal" behavior for your insiders and to be able to detect behavior that deviates from normal. In one common scenario for insider theft of intellectual property, an insider will use legitimate access permissions to retrieve data that they rarely or never access. Although the access is technically authorized, if it deviates from normal behavior it may represent a higher risk.

 

Fourth, the ability to correlate abnormal access requests with key moments in an insider's lifecycle can help identify high-risk situations. This requires both technical controls and a strong relationship between security, legal, and human resources.
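To make the third and fourth points concrete, here is a small sketch added as an illustration; it is not code from the panel or from any product. It builds a per-user baseline from an access log, flags access to resources the user rarely or never touched during the baseline period, and raises the risk level when the access falls near an HR lifecycle event. The log rows, HR feed, user names, dates, and thresholds are all constructed assumptions.

```python
from collections import Counter
from datetime import date, timedelta

def d(s):
    return date.fromisoformat(s)

# Constructed sample access log: (day, user, resource).
ACCESS_LOG = [
    (d("2019-01-07"), "alice", "crm"), (d("2019-01-21"), "alice", "crm"),
    (d("2019-02-04"), "alice", "crm"), (d("2019-01-15"), "alice", "design-vault"),
    (d("2019-01-08"), "bob", "build-server"), (d("2019-02-11"), "bob", "build-server"),
    (d("2019-03-04"), "alice", "crm"),
    (d("2019-03-10"), "alice", "design-vault"),
    (d("2019-03-12"), "bob", "hr-share"),
    (d("2019-03-13"), "bob", "build-server"),
]
# Constructed HR feed: user -> [(day, lifecycle event)].
HR_EVENTS = {"alice": [(d("2019-03-05"), "performance_improvement_plan")]}

BASELINE_END = d("2019-03-01")          # assumption: earlier rows define "normal"
MIN_BASELINE_HITS = 2                   # assumption: fewer hits means "rarely or never"
LIFECYCLE_WINDOW = timedelta(days=14)   # assumption: how close counts as correlated

def flag_deviations(log, hr_events):
    """Return (day, user, resource, risk, nearby_events) for abnormal accesses."""
    # Baseline: how often each user touched each resource before the cutoff.
    baseline = Counter((u, r) for day, u, r in log if day < BASELINE_END)
    findings = []
    for day, user, resource in sorted(log):
        if day < BASELINE_END:
            continue  # still inside the baseline period
        if baseline[(user, resource)] >= MIN_BASELINE_HITS:
            continue  # authorized and normal for this user
        # Authorized but unusual: check for a lifecycle event close in time.
        nearby = [event for ev_day, event in hr_events.get(user, [])
                  if abs(day - ev_day) <= LIFECYCLE_WINDOW]
        risk = "high" if nearby else "review"
        findings.append((day, user, resource, risk, nearby))
    return findings

if __name__ == "__main__":
    for day, user, resource, risk, nearby in flag_deviations(ACCESS_LOG, HR_EVENTS):
        print(day, user, resource, risk, ",".join(nearby) or "-")
```

The HR side of the correlation only works if the lifecycle feed actually reaches the security team, which is the relationship between security, legal, and human resources described above.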

 

Finally, remember that your supply chain may also represent insiders. Anyone who is allowed inside your facilities, networks, or systems is an insider, regardless of who issues their paycheck. Although third parties may be bound by a contract to conduct background checks and respect your company's IP, you cannot assume that the contract is enough to protect yourself against a threat from your supply chain.

 

So, how can you get started with your insider threat program? US-CERT's "Common Sense Guide" represents best practices for addressing the insider threat. Their recommendations don't just help address insider threats - they apply to a variety of threats. The guide points out that an insider threat program requires a "layered defense." An important component of the program is situational awareness -- knowing your users, knowing your assets, monitoring connections, and establishing a baseline for normal behavior.
