Insider Threats

4046 Words | Dec 6, 2010 | 17 Pages
EE8084: Cyber Security
Topic: Insider Threat Detection and Management

ABSTRACT

Insider threats are considered one of the most serious security problems in many studies and have received considerable attention among organizations around the world. This report presents the terms "insider" and "insider threat" as used in cyber security; the motives and effects of insider threats; their underlying issues and causes; the prevention and detection of insider threats; and the management of insider threats within organizations. The report includes case studies of malicious insider threats involving IT sabotage and fraud, as well as oblivious (unintentional) insider threats, with analysis and discussion.

1. INTRODUCTION

In recent years, countries around …
Continuous Logging

Many companies have already implemented continuous logging to a centralized, secure log server with access restricted to very few people. Such a server can be used to detect and investigate changes that occur infrequently, such as changes to operating system files, scripts and executable services. These changes may arrive as software patches pushed from the server by a system administrator, or they may be made by a malicious insider modifying the system for their own ends; a log kept outside the affected host, under separate access control, lets the two be distinguished after the fact. Because some systems hold sensitive data, such as the client database and the company portfolio, companies also control the transfer of data from those systems to removable storage devices such as flash drives and portable hard disks, logging each transfer. Another measure is to audit various areas and keep records of them. Things companies audit on their secure systems include the following:

* Access to backup information, and the results of backup and recovery tests.
* Database transactions, to detect unauthorized access to and modification of data.
* Data access and modification for all tables in a database.
* Individual actions of all users who hold privileged accounts, i.e. accounts with access to confidential data or to the secure system server.
* Attempts to gain physical access to the secure system server.
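The two detection ideas in this section, a baseline of rarely-changing files that reveals unexpected modification, and an audit trail in which removable-media transfers and privileged-account actions are picked out for review, can be shown in a few dozen lines. The following is an added example written for this edit, not code from the original report or from any product it mentions. The directory layout, account names (root, dba_admin), mount-point prefixes (/media/, /mnt/usb) and the key=value log format are all assumptions chosen for the demonstration, and every log line is constructed.

```python
"""Added example (not from the original report): a minimal file-integrity
baseline and an audit-log filter of the kind the Continuous Logging section
describes.  All paths, usernames, mount points and log lines below are
constructed for this demonstration and are not taken from any real system."""
import hashlib
import json
import re
import tempfile
from pathlib import Path
from typing import Optional

# --- File-integrity baseline ------------------------------------------------
# OS files, scripts and service binaries change rarely and legitimately only
# via patching; a hash inventory stored on the restricted log server makes an
# unexpected change stand out on the next comparison.

def build_baseline(root: Path) -> dict:
    """Map each regular file under root (relative path) to its SHA-256."""
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        baseline[str(path.relative_to(root))] = digest
    return baseline

def diff_baseline(old: dict, new: dict) -> dict:
    """Report files modified, added or removed since the stored baseline."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
    }

# --- Audit-log filtering ----------------------------------------------------
# Assumed event format: "<timestamp> user=<u> action=<a> target=<t>".
LOG_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) target=(?P<target>\S+)"
)
PRIVILEGED_USERS = {"root", "dba_admin"}      # assumed privileged accounts
REMOVABLE_PREFIXES = ("/media/", "/mnt/usb")  # assumed removable-media mounts

def parse_event(line: str) -> Optional[dict]:
    """Parse one audit line; return None for lines that do not fit the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def flag_events(lines) -> list:
    """Return (reason, event) pairs an auditor would want to review."""
    flagged = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # malformed line: skip rather than crash the audit job
        if ev["action"] == "copy" and ev["target"].startswith(REMOVABLE_PREFIXES):
            flagged.append(("removable-media transfer", ev))
        if ev["user"] in PRIVILEGED_USERS:
            flagged.append(("privileged-account action", ev))
    return flagged

SAMPLE_LOG = [  # constructed sample lines, not from a real system
    "2010-12-06T09:02:11 user=alice action=read target=/srv/clients/portfolio.xlsx",
    "2010-12-06T09:05:40 user=alice action=copy target=/media/usb0/portfolio.xlsx",
    "2010-12-06T22:14:03 user=dba_admin action=update target=db.clients",
    "malformed line that the parser must skip",
]

def demo() -> dict:
    """Run both checks end to end in a temporary directory and return results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "backup.sh").write_text("#!/bin/sh\ntar czf /backup/srv.tgz /srv\n")
        (root / "bin" / "old.sh").write_text("#!/bin/sh\necho retired\n")
        before = build_baseline(root)
        # Simulate an insider appending to a script, dropping a binary, deleting a file.
        with open(root / "bin" / "backup.sh", "a") as f:
            f.write("cp /srv/clients/* /media/usb0/\n")
        (root / "bin" / "helper").write_bytes(b"\x7fELF")
        (root / "bin" / "old.sh").unlink()
        after = build_baseline(root)
        changes = diff_baseline(before, after)
    return {"changes": changes, "flagged": flag_events(SAMPLE_LOG)}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the block reports bin/backup.sh as modified, bin/helper as added and bin/old.sh as removed, and flags the copy to /media/usb0 and the dba_admin update while silently skipping the malformed line. In practice the baseline and the log lines would be written to the restricted log server rather than kept on the monitored host, since an insider with administrative access to that host could otherwise rewrite both.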