Blog Posts Tagged with "Insider Threats"
Has Anonymous Infiltrated the US Government?
May 16, 2012 Added by:Pierluigi Paganini
"Right now we have access to every classified database in the U.S. government. It’s a matter of when we leak the contents of those databases, not if. You know how we got access? We didn’t hack them. The access was given to us by the people who run the systems…"
Comments (0)
FBI Guidance of Combating the Insider Threat
May 15, 2012 Added by:Infosec Island Admin
The thief who is harder to detect and who could cause the most damage is the insider — the employee with legitimate access. They may steal solely for personal gain or be a “spy”—someone who is stealing company information or products in order to benefit another organization or country...
Comments (0)
The CERT Guide to Insider Threats
May 07, 2012 Added by:Ben Rothke
While there are many books on important security topics such as firewalls, encryption, identity management and more, The CERT Guide to Insider Threats is the one of the first to formally tackle the devastating problem of trusted insiders who misappropriate data...
Comments (0)
Why Do You Need Privileged Identity Management?
May 01, 2012 Added by:DHANANJAY ROKDE
Most access provided is typically role-based. However, many forget to consider factors like data classification and ownership. Network, system and database managers get access to what they are responsible for, but there are five questions that need to be asked...
Comments (0)
From Fraud to Infosec and Vice Versa... Part 2
April 24, 2012 Added by:Neira Jones
In my previous post I summarized fraud and how it relates to infosec. Key enablers used to defraud victims of all types cut across the landscape and often overlap, posing further challenges for quantifying their impact, but the classifications are nonetheless helpful...
Comments (0)
Ten Ways to Handle Insider Threats
April 19, 2012 Added by:Brent Huston
Tough economic times make it tempting for an employee to switch his white hat to a black one for financial gain. Insider threats also include contractors, auditors, and anyone who has authorized access to systems. How can you minimize the risk? Here are a few tips...
Comments (1)
Beyond the Firewall – Data Loss Prevention
April 06, 2012 Added by:Danny Lieberman
It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, you’ve mitigated the threat. This paper reviews the taxonomies of advanced content flow monitoring that is used to audit activity and protect data inside the network...
Comments (0)
Average Cost of a Data Breach $5.5 Million in 2011
March 23, 2012 Added by:Headlines
“Insiders continue to pose a serious threat to the security of their organizations. This is particularly true as the increasing adoption of tablets, smart phones and cloud applications in the workplace means that employees are able to access corporate information anywhere..."
Comments (0)
Experts Tell Senate that Critical Networks are Compromised
March 22, 2012 Added by:Headlines
"I think we've got the wrong mental model here. We've got to go to a model where we assume our adversary is in our networks, on our machines, and we've got to operate anyway, we've got to protect the data anyway," said Sandia National Laboratory's James Peery....
Comments (0)
Implementing Least Privilege
March 16, 2012 Added by:Ben Rothke
Least privilege is the notion that in a particular abstraction layer of a computing environment every module - such as a process, a user or a program depending on the subject - must be able to access only the information that is necessary for its legitimate purpose...
Comments (1)
Examining the Top Ten Database Threats
March 15, 2012 Added by:PCI Guru
Most attacks are perpetrated inside the perimeter, so protection from an inside attack is important. Once an attacker is on the inside, it is easy to use SQL injection or other techniques to obtain data. Organizations are just beginning to understand the insider threat...
Comments (0)
Why Data Leaks
February 14, 2012 Added by:Danny Lieberman
The main reason is people. People handle electronic data and make mistakes or do not follow policies. People are increasing conscious that information has value – all information has some value to someone and that someone may be willing to pay...
Comments (0)
Best Ways for Businesses to Prevent Data Breaches
February 01, 2012 Added by:Danny Lieberman
Most security breaches are attacks by insiders and most attackers are trusted people that exploit software system vulnerabilities (bugs, weak passwords, default configurations etc…). Neither security awareness nor UAC are effective...
Comments (0)
On Software Vendor Access to Customer Data
January 30, 2012 Added by:Ben Kepes
The issue is a massive one for the industry and in a back-channel discussions a number of people made comments regarding how much of a risk to the cloud industry service provider access to data is. One person went on to say that this perception is poison to sales growth...
Comments (0)
Compliance and Security Trends
January 30, 2012 Added by:Danny Lieberman
Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations...
Comments (0)
Programmer Charged with Stealing Code from Federal Reserve
January 19, 2012 Added by:Headlines
“As today’s case demonstrates, our cyber infrastructure is vulnerable not only to cybercriminals and hackers, but also alleged thieves like Bo Zhang who used his position as a contract employee to steal government intellectual property"...
Comments (1)
- Not Totally Sure What Just Happened...
- Has Anonymous Infiltrated the US Government?
- Big Opportunities in the Cloud
- Zeus Malware Targeting Facebook, Gmail and Yahoo Users
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR