Information Security Magazine


Security researchers leading way in biometrics, insider threats, encryption and virtualization
by Michael S. Mimoso
Issue: Nov 2008

SO YOU THINK YOU KNOW INSIDERS
Big business benefits from CyLab's work as well. Carnegie Mellon has a long-standing partnership with the CERT Coordination Center, whose home is on the CMU campus. Not only is CERT/CC a clearinghouse for critical system and software vulnerabilities and incident response, but it has evolved into a leading organization for the study of risks to the enterprise.

Insiders have widely been identified as the biggest threat to assets, in particular sensitive data such as customer information or intellectual property. Insiders are pegged as threats because they frequently have unimpeded access to these assets and are often aided by lax authorization and provisioning policies that dole out credentials to more applications and systems than are necessary to do one's job.

While technology solutions, such as identity management, can solve some of the problems, IT and business managers such as human resources executives can't rely on hardware and software alone to stop the riskiest threats: privileged insiders or disgruntled employees who have been let go or are on the verge of termination.

Spotting these troubled individuals before problems are unleashed is critical. CERT/CC has developed a detailed model of what disgruntled insiders look like and the sparks that set them off.

For privileged insiders, system administrators or database administrators and those intent on causing some kind of IT sabotage, there is very little in the way of a demographic profile outside of the credentials they possess or hand out, says team lead Dawn M. Capelli.

But one thing does transcend all offenders.

"If you look at the people you work with, there are the one or two people who don't get along well with others, cause problems, can't take criticisms, and people walk on eggshells around them," Capelli says. "Those are the people who commit IT sabotage. We don't have a single case where people said, 'He was such a nice guy, I can't believe he did it.'"

While that narrows your field of potential risky insiders, there are still conditions that cause these situations to manifest, such as a withheld promotion or a lower-than-expected pay raise. While these conditions usually aren't exclusive to the insider, some aren't able to overcome them psychologically and they become disgruntled.

"We've validated this with all our cases," Capelli says, noting that CERT/CC has a database of 150 actual cases from which it builds and refines its models. "This is a distinct pattern."

