insider threat
Home > Security Definitions - Insider threat
SearchSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

insider threat

Show me everything on Security Awareness Training and Internal Threats

DEFINITION - An insider threat is a malicious hacker (also called a cracker or a black hat) who is an employee or officer of a business, institution, or agency. The term can also apply to an outside person who poses as an employee or officer by obtaining false credentials. The cracker obtains access to the computer systems or networks of the enterprise, and then conducts activities intended to cause harm to the enterprise.

Insider threats are often disgruntled employees or ex-employees who believe that the business, institution, or agency has "done them wrong" and feel justified in gaining revenge. The malicious activity usually occurs in four steps or phases. First, the cracker gains entry to the system or network. Secondly, the cracker investigates the nature of the system or network in order to learn where the vulnerable points are and where the most damage can be caused with the least effort. Thirdly, the cracker sets up a workstation from which the nefarious activity can be conducted. Finally, the actual destructive activity takes place.

The damage caused by an insider threat can take many forms, including the introduction of viruses, worms, or Trojan horses; the theft of information or corporate secrets; the theft of money; the corruption or deletion of data; the altering of data to produce inconvenience or false criminal evidence; and the theft of the identities of specific individuals in the enterprise. Protection against the insider threat involves measures similar to those recommended for Internet users, such as the use of multiple spyware scanning programs, anti-virus programs, firewalls, and a rigorous data backup and archiving routine.

Learn more about Security Awareness Training and Internal Threats
Securing Web apps against authenticated users: Improve Web site security by securing Web applications from authenticated users and avoiding client-side authentication.
Thwarting insider threats: Five simple measures you can take to protect your organization from insider attacks.
Information security book excerpts and reviews: Visit the Information Security Bookshelf for book reviews and free chapter downloads.
Schneier, Ranum debate social networking risks: Should companies be concerned about employees' social networking? Bruce Schenier and Marcus Ranum take opposite sides on this issue.
Quiz: Anatomy of an attack: Take this five-question quiz and test your knowledge of social-engineering and data-mining attacks.
Security Metrics: Replacing Fear, Uncertainty, and Doubt: In this chapter excerpt from "Security Metrics: Replacing Fear, Uncertainty and Doubt," author Andrew Jaquith reveals ways to present security data in a clean and elegant manner.
Threats to physical security: The sixth tip in our series, "How to assess and mitigate information security threats".

LAST UPDATED: 05 Jun 2007

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- The Research Foundation at Texas A&M University discusses the insider threat.
- Carnegie Mellon Software Institute has conducted a study of the insider threat in banking and finance.
- Intrusic outlines how malicious hackers compromise information systems and offers solutions.





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #


RELATED CONTENT
Health Net breach failure of security policy, technology
Investigators should question why an external hard drive contained seven years of data, but IT security should have had the appropriate security...
Health Net healthcare data breach affects1.5 million
A lost hard drive contained seven years of patient data including Social Security numbers and medical records of more than a million Health Net...
Massive T-Mobile UK security breach involves insiders
A UK agency suspects insiders are behind a massive data breach at T-Mobile UK where customer data was pilfered and sold to competitors.

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
dumpster diving  (SearchSecurity.com)
Honeynet Project  (SearchSecurity.com)




Get More insider threat Answers
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts