INSIDERS
Bolingbrook, Illinois
Prepared for
Illinois Institute of Technology
And
Ray Trygstad
Prepared by ITMS Student
Sultan Baig
September 15, 2014
Abstract
An insider is an employee who has access to a company’s resources, the right to represent its assets, and the liberty to make decisions about them. The insider label cannot be applied only to CEOs or senior-level managers; an insider can be anyone at any level who works or has worked for a company. The goal of this research paper is to provide a basic understanding of how an insider can be a threat, and to provide some easy-to-implement solutions to those problems. In addition, without going into much technical detail, the research paper discusses the different
Security Apprehension
A. Rogue Access Points
B. Physical Security
1. Prevent Damage to the Physical Infrastructure
2. Prevent Misuse of the Physical Infrastructure
VII. Conclusion
VIII. Bibliography & References
Thesis Statement
If companies start considering employees as an information security threat, they will become more secure and efficient.
I. Introduction
The biggest threat to any company is not distributed denial of service (DDoS), malware attacks, phishing, or hackers. Most data breaches are usually triggered by insiders, such as employees, who pose a great threat to the company by exposing internal affairs to the outside world. An insider can commit such activities with or without intent and has access to information that is not known to cybercriminals. An insider can uncover a company’s security information, inject viruses, worms, or trojans, and leave a logic bomb in the system. This research paper will explain the key factors that will help a company protect itself from insider threats and show how an insider can be a threat.
II. Scope
The scope of this paper will revolve around the minor to severe information security threats posed by employees. The paper will assess data theft techniques and rogue employees, and analyze the risks related to the technology used by employees. The paper will discuss many terms and techniques without going into much technical detail. The plans and
A single insider could steal secrets from critical infrastructures or leave them vulnerable to a future hack, which could have residual effects for years, such as the company Target and its reputation after the company was hacked. Further, insiders like Edward Snowden have set back American national security for years to come by exposing secret security practices to the world. The government proposed, in S.3414, to conduct background checks, focus on employee training, and assure that the necessary management are enlisted. These steps might stop the insider threat, but are measures to help reduce the threat. The benefits would also lead to better productivity and ensure the right employees are in place to meet the industry standards and comply with policy. A new proposed bill should incorporate this feature within the government and be an option within privately owned critical infrastructures with incentives if guidance is
In today’s IT world, every organization has a responsibility to protect the information and sensitive data it holds. Protecting data is not only the responsibility of security and IT staff; every individual is involved in protecting the information. The risks to information security are not only digital; they involve the technology, people, and processes that an organization may have. These threats may represent problems that are associated with complex and expensive solutions, but doing nothing about these risks is not the solution.
Some of the items that executives, employees, and stakeholders of the organization will need to be made aware of are the management and protection of access control and attack monitoring systems. Each and every member of the company will need to understand and abide by the policies that govern access control in the workplace; allowing other employees to enter a facility without each employee scanning their badge is a breach of security. Awareness should also be raised of securing network architecture and network communications components, of security governance concepts and policies, and of risk and personnel management. The support of the entire organization in the changes and improvements will result in an effective strategic
Research Objective: The main theme of this research paper is protecting the sensitive information that any organization or business possesses. With the community’s increasing reliance on information systems and technology, security breaches are more likely to happen. Beyond monetary loss, a breach can damage information assets that hold sensitive data. To secure these assets from internal or external damage, organizations have to follow proposed rules and guidelines. Also security responsibilities
4. Security Awareness: A large percentage of successful attacks do not necessarily exploit technical vulnerabilities. Instead they rely on social engineering and people’s willingness to trust others. There are two extremes: either employees in an organization totally mistrust each other to such an extent that the sharing of data or information is nil; or, at the other end of the scale, you have total trust between all employees. In organizations neither approach is desirable. There has to be an element of trust throughout an organization but checks and balances are just as
Insider threats are not a new phenomenon in the history of the world or the United States. Sun Tzu, the famous Chinese general and author of the famous treatise The Art of War, believed that obtaining information through the use of spies made certain “great achievements.” The use of spies continued from the Roman Empire to the strategic victories in World War II (Zurcher, 2013). In the United States, the mainstream media popularized spying with figures like James Bond, Jack Ryan, and Simon Templar. During the Cold War, 1985 was dubbed the “Year of the Spy” when twelve individuals were arrested by the Federal Bureau of Investigation (FBI) for spying. John Anthony Walker Jr., a Navy Warrant Officer and communications specialist, worked for the Soviet Union; Jonathan Pollard, a civilian intelligence analyst for the Navy’s Anti-Terrorist Alert Center, worked for Israel; Sharon Scranage, a Central Intelligence Agency (CIA) desk clerk in Ghana, worked for Ghana; Larry Chin, a Chinese language translator/intelligence officer for the CIA, worked for China; and Ronald Pelton, a communications specialist for the National Security Agency (NSA), worked for the Soviet Union; these are a few examples of the individuals arrested (Federal Bureau of Investigation, n.d.). Each of these individuals worked within the US Defense and Intelligence communities and exposed national security secrets.
Moreover, nowadays using an information system is not a walk in the park; it brings many new security threats through which a company might lose its confidential data, financial and personal information.
An insider is a person who has authorized access to computers and networks, who has access to delegated information, who knows how to get the required information, who works inside the security perimeter, and who can add or delete important information from the system. According to research showcase @ CMU, “Current and former employees, contractors, and other organizational "insiders" pose a substantial threat by virtue of their knowledge of and access to their employers' systems and/or databases and their ability to bypass existing physical and electronic security measures through legitimate means.”
In the InfoSec industry, CTOs have witnessed many inside jobs, also known as insider threats. These threats usually consist of individuals or groups of people in organizations or companies. These individuals may include employees, contractors, business associates, or partners. They deliberately contribute to or begin a breach of the company’s network to sabotage or steal information. Because these people are already inside the company, they have the advantage of being familiar with how the company’s network works, having login credentials, having ways to keep their position in the company without getting caught, and being able to access information about clients. These insider
Insider threats are considered one of the most serious security problems in many studies and have received considerable attention among organizations around the world. This report will present the terms “insider” and “insider threats” in cyber security, the motives and effects of insider threats, the underlying issues and causes of insider threats, the prevention and detection of insider threats, and the management of insider threats within organizations. The report will include case studies of malicious insider threats involving IT sabotage and fraud, as well as oblivious insider threats, with analysis and discussion.
An insider threat is defined by the Computer Emergency Response Team at Carnegie-Mellon University (CERT) as “a malicious insider who is a current or former employee, contractor, or business partner who has or had authorized access to an organization’s network, system or data, and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information system”. While insider threats may come from such malicious insiders who intentionally cause harm for personal gain or revenge, trusted employees who unintentionally, through negligence, cause financial or reputational damage to the organization can also pose an insider threat.
An insider threat can be defined as a malicious threat that comes from someone inside the organization. “An insider threat does not have to be a present employee or stakeholder, but can also be a former employee, board member, or anyone who at one time had access to proprietary or confidential information from within an organization or entity. Contractors, business associates, and other individuals or third-party entities who have knowledge of an organization’s security practices, confidential information, or access to protected networks or databases also fall under the umbrella of insider threat” (Lord 1). Given the scope of the potential perpetrators, it is easy to see why this type of threat could be hard to protect against.
It has been proved that computers help a business ease its activities such as record keeping, monitoring employees and word processing among others. However, the use of computers in the workplace breeds concerns such as security threats and privacy issues. Computer systems are not only prone to hackers but also other security issues that may compromise the company’s activities and social integrity. The research will probe into some of the advantages and disadvantages of computer surveillance.
Insider - An insider is someone with legitimate access to the network. Because information and data accessed by insiders can be easily copied, stolen, deleted, misfiled, or updated, insider threats can be some of the most damaging and harmful, regardless of whether they occur due to user carelessness or malicious activity.