Dawn Cappelli (Moderator)
Technical Manager, Enterprise Threat & Vulnerability Management Team, CERT Insider Threat Center
Carnegie Mellon University's Software Engineering Institute
Howard Cox
Assistant Deputy Chief of CCISP
Dept. of Justice
John Kropf
Deputy Chief Privacy Officer and Senior Adviser for International Privacy Policy
Dept. of Homeland Security
Howard Timm
Program Manager, Future Systems and Analyses
Dept. of Defense Personnel Security Research Center
Malicious insiders are current or former employees, contractors, or trusted business partners who have or had authorized access to their organization's systems and information. They are familiar with internal policies, procedures, and technology and exploit that knowledge to facilitate attacks and even collude with external attackers.
Research by CERT since 2001 has focused on hundreds of insider crimes, including espionage, IT sabotage, fraud, theft of confidential or proprietary information, and threats to our nation's critical infrastructures. The research focuses on the "big picture" - the complex interactions, relative degree of risk, and unintended consequences of policies, practices, technology, psychological issues, and organizational culture over time.
We have developed profiles for each type of crime which describe who, what, when, and how, as well as patterns of behaviors, organizational issues, and technical actions over time. While the research suggests definitive countermeasures, policy, legal, and employee privacy issues present challenges which must be overcome in order to effectively mitigate this threat to our nation’s critical infrastructure. This presentation describes each crime profile, proposed countermeasures, and policy, legal, and privacy obstacles to implementing those countermeasures.
Learning Objectives:
- Ability to make informed, risk-based decisions regarding implementation of practices, technologies, and policies for insider threat risk mitigation
- Communicate the importance of the collective efforts of IT/information security, human resources, physical security, software engineering, legal, and data owners in insider threat risk mitigation
- Recognize practices that could have mitigated insider threats in hundreds of cases, as well as policies, technologies, business process details, and management issues that influence an insider’s decision to act
- Understand the differences between insider theft of information for business advantage (e.g. intellectual property/trade secrets), IT sabotage, and theft or modification of information (e.g. personally identifiable information) for financial gain.