
3 Ways to Fight the Insider Threat

Posted by on March 26, 2012 in Uncategorized


Increasingly, social engineers target insiders to plunder organizations’ financial and intellectual assets. How can you prevent these and traditional inside attacks? Carnegie Mellon University’s Dawn Cappelli offers tips.

Cappelli, co-author of the new book The CERT Guide to Insider Threats, has studied insider crimes for over a decade. She sees the definition of “insider threat” evolving.


“We’ve been looking at malicious insiders,” she says. “We define that as current or former employees, contractors, business partners – really, anyone who can get authorized access to your systems, your data, your network – and they intentionally misuse that access to do something bad.”

But what about unintentional insider threats? “There are a lot of exploits that have happened this past year that have been by external hackers that have used unintentional insiders to get into your network,” she says. “We’d like to look at those [incidents] in the same way we’ve looked at malicious insiders all these years.”

In an exclusive video interview recorded at RSA Conference 2012, Cappelli offers tips to combat insider crimes, including:


  • The need for a formal insider threat program;
  • How to leverage current technologies;
  • How to identify and protect your “crown jewels.”

Cappelli, CISSP, is Technical Manager of the Insider Threat Center and the Enterprise Threat and Vulnerability Management team in the CERT Program at Carnegie Mellon University’s Software Engineering Institute. Her team’s mission is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing information security assessment methods and techniques; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. Her team members are domain experts in insider threat and incident response, and team capabilities include threat analysis and modeling; development of security metrics and assessment methodologies; and creation and delivery of training, courses, and workshops. Cappelli has 30 years of experience in software engineering, including programming, technical project management, information security, and research. She is often an invited speaker at national and international venues, is an adjunct professor in Carnegie Mellon’s Heinz College of Public Policy and Management and is currently Vice-Chair for the CERT Computer Security Incident Handler Certification Advisory Board.

About The Author
Security University