Feature

Security researchers leading way in biometrics, insider threats, encryption and virtualization

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Security researchers on biometrics, insider threats, encryption and virtualization."

Download it now to read this article plus other related content.

SO YOU THINK YOU KNOW INSIDERS
Big business benefits from CyLab's work as well. Carnegie Mellon has a long-standing partnership with the CERT Coordination Center, whose home is on the CMU campus. Not only is CERT/CC a clearinghouse for critical system and software vulnerabilities and incident response, but it has evolved into a leading organization for the study of risks to the enterprise.

Insiders have widely been identified as the biggest threat to assets, in particular sensitive data such as customer information or intellectual property. Insiders are pegged as threats because they frequently have unimpeded access to these assets and are often aided by lax authorization and provisioning policies that dole out credentials to more applications and systems than are necessary to do one's job.

While technology solutions, such as identity management, can solve some of the problems, IT and business managers such as human resources executives can't rely on hardware and software alone to stop the riskiest threats: privileged insiders or disgruntled employees who have been let go or are on the verge of termination.

Spotting these troubled individuals before problems are unleashed is critical. CERT/CC has developed a detailed model of what disgruntled insiders look like and the sparks that set them off.

For privileged

    Requires Free Membership to View

insiders, system administrators or database administrators and those intent on causing some kind of IT sabotage, there is very little in the way of a demographic profile outside of the credentials they possess or hand out, says team lead Dawn M. Capelli.

But one thing does transcend all offenders.

"If you look at the people you work with, there are the one or two people who don't get along well with others, cause problems, can't take criticisms, and people walk on eggshells around them," Capelli says. "Those are the people who commit IT sabotage. We don't have a single case where people said, 'He was such a nice guy, I can't believe he did it.'"

While that narrows your field of potential risky insiders, there are still conditions that cause these situations to manifest, such as a withheld promotion or lower than expected pay raise. While these conditions usually aren't exclusive to the insider, some aren't able to overcome them psychologically and they become disgruntled.

"We've validated this with all our cases," Capelli says, noting that CERT/CC has a database of 150 actual cases from which it builds and refines its models. "This is a distinct pattern."

This was first published in November 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: