The Cyber Enemy Within ... Countering the Threat from Malicious Insiders
نویسندگان
چکیده
One of the most critical problems facing the information security community is the threat of a malicious insider abusing his computer privileges to modify, remove, or prevent access to an organization’s data. An insider is considered trusted (at least implicitly) by his organization because he is granted access to its computing environment. Whether or not that insider is in fact trustworthy is a question that lies at the heart of the insider threat problem. Complicating this problem is the fact that there is no “one size fits all” description of a malicious insider. Motivations, objectives, cyber expertise, system privileges all can and do vary from one case to the next.
منابع مشابه
Detecting Malicious Insiders in Military Networks
Given that a network is only as strong as its weakest link, a key vulnerability to network centric warfare is the threat from within. This paper summarizes several recent MITRE efforts focused on characterizing and automatically detecting malicious insiders within modern information systems. Malicious insiders (MI) adversely impact an organization’s mission through a range of actions that compr...
متن کاملInsider threats: Detecting and controlling malicious insiders
Malicious insiders are posing unique security challenges to organizations due to their knowledge, capabilities, and authorized access to information systems. Data theft and IT sabotage are two of the most recurring themes among crimes committed by malicious insiders. This paper aims to investigate the scale and scope of malicious insider risks and explore the impact of such threats on business ...
متن کاملOn the Interplay Between Cyber and Physical Spaces for Adaptive Security
Ubiquitous computing is resulting in a proliferation of cyber-physical systems that host or manage valuable physical and digital assets. These assets can be harmed by malicious agents through both cyber-enabled or physically-enabled attacks, particularly ones that exploit the often ignored interplay between the cyber and physical world. The explicit representation of spatial topology is key to ...
متن کاملAvoiding Cyber-attacks to DMZ and Capturing Forensics from Intruders Using Honeypots
Nowadays, honeypots are widely used to divert attackers from the original target and keep them busy within a decoy environment. DeMilitarized Zone (DMZ) is an important zone for network administrators, because many of the services to the public network is provided at this zone. Many of the security tools such as firewalls, intrusion detection systems and several other secu...
متن کاملMitigating malicious insider cyber threat
This paper examines malicious insider threat and explains the key differences from other types of insider threat and from external threat actors. A phase based “kill-chain” malicious insider threat model is developed and proposed to help inform selection of mitigation countermeasures which are complementary or incremental to a typically implemented traditional ISO 17799/27002 information securi...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004