s [ Pobierz całość w formacie PDF ]

majority of these insiders, however, did have similar motives and goals for their attacks. In all
cases, the victim organizations were impacted by the material and immaterial costs of the attack.
At least four of the cases caused losses to the victim organization that exceeded $1 million, and
one attack led the victim organization to declare bankruptcy. All of the organizations had to deal
with the negative publicity that comes with an insider case and the time and resources to
prosecute the insider.
While many of these attacks were successful, in some cases the insider attack was detected and
mitigated by the organization before the insider was able to cause a significant financial impact.
Although there is no one profile that can be used to detect malicious insiders who use
programming methods in their attacks, countermeasures can be implemented that would stop
many of these attacks. The CERT Insider Threat Center has studied these and similar cases to
develop the countermeasures presented in the Common Sense Guide to Mitigating Insider Threats,
4th Edition. Following these mitigation strategies would have prevented many, if not all, of the
attacks covered in this article.
CERT DIVISION | SOFTWARE ENGINEERING INSTITUTE | 15
About the Insider Threat Team
The CERT Insider Threat Center is part of the Enterprise Threat and Vulnerability Management
(ETVM) team in the CERT Division of the Software Engineering Institute at Carnegie Mellon
University. The ETVM team helps organizations improve their security posture and incident
response capability by researching technical threat areas; developing information security
assessment methods and techniques; and providing information, solutions, and training for
preventing, detecting, and responding to illicit insider activity. ETVM team members are domain
experts in insider threat and incident response, and team capabilities include threat analysis and
modeling; development of security metrics and assessment methodologies; and creation and
delivery of training, courses, and workshops. Our insider threat database allows us to examine
broad and specific trends.
For additional information regarding the content of this white paper or other research conducted at
the CERT Insider Threat Center, please contact insider-threat-feedback@cert.org.
CERT DIVISION | SOFTWARE ENGINEERING INSTITUTE | 16 [ Pobierz całość w formacie PDF ]