The Insider Threat

Description

Data Loss Prevention is easier and cheaper than cure - the insider threat poses a significant and increasing problem for organisations. The use of highly connected computers makes controlling information much more difficult than in the past. This is shown by the regular stories of data loss in the media such as the 25 million personal records mailed out by Revenue and Customs in the UK. In addition, we do not know enough about the insider threat, as of course many attacks are unknown to their victims or are not made public. An Insider Attack - this is the execution of a latent threat by an insider to achieve their goals, which usually has a detrimental effect on the organisation. They are often straightforward to perpetrate without detection using their legitimate access or acquiring unauthorised access using their knowledge of system weaknesses to defeat the controls. We need to understand what is valuable to insiders and their likely methods of attack to determine the necessary defensive measures. We believe that the insider threat is a difficult problem that requires systematic analysis to mitigate. This new pocket guide intends to shed light on the key security issues facing organisations from insiders to get them up to speed quickly. It is written by Clive Blackwell who is a researcher at Royal Holloway, University of London, where his main field is security architecture. He has developed a practical three-layer security architecture to model computer networks such as the Internet and other complex systems such as critical infrastructure. He is currently applying the model to the insider threat within different business sectors, which has resulted in several academic papers. Clive is a regular speaker on security at both academic and business conferences in the US and Europe as well as the UK. He has recently been invited to give talks on the insider threat at two major business conferences. He has about 20 publications to his name within the last two years. He also runs his own IT security consultancy, Advanced Computer Services, so he is aware of the security issues facing business.


Contents:

1 MODELLING THE INSIDER THREAT 2 1.1 WHAT IS THE INSIDER THREAT? 2 1.2 ARCHITECTURAL SECURITY MODEL 3 1.3 AN ATTACK CLASSIFICATION SCHEME 4 1.4 ATTACK SURFACE 4 1.5 IMPACT ZONE 6 1.6 SYSTEM HARDENING 6 1.7 TARGETING THE ATTACKER 8 2 INSIDER ATTACKS 10 2.1 INSIDER ATTACK CLASSIFICATION 10 2.2 DAMAGE 10 2.2.1 Methods of Attack 10 2.2.2 Defensive Protection 12 2.3 FRAUD 15 2.3.1 Methods of Attack 15 2.3.2 Defensive Protection 17 2.4 THEFT 18 2.4.1 Methods of Attack 18 2.4.2 Defensive Protection 20 2.5 CONCLUSIONS 22