Common Sense Guide to Mitigating Insider Threats, Sixth Edition
CERT National Insider Threat Center December 2018 TECHNICAL REPORT CMU/SEI-2018-TR-010 CERT Division [Distribution Statement A] Approved for Public Release; Distribution Is Unlimited
REV-04.06.2018.0
Copyright 2018 Carnegie Mellon University. All Rights Reserved. This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation. This report was prepared for the SEI Administrative Agent AFLCMC/AZS 5 Eglin Street Hanscom AFB, MA 01731-2100 NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. [DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution. Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and "No Warranty" statements are included with all reproductions and derivative works. External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. * These restrictions do not apply to U.S. 
government entities. Carnegie Mellon® and CERT® are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM18-1336
CMU/SEI-2018-TR-010 | SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY Distribution Statement A: Approved for Public Release; Distribution Is Unlimited
Table of Contents
Acknowledgments
Executive Summary
Abstract
The History of the Common Sense Guide
Introduction
1 Know and protect your critical assets.
1.1 Protective Measure - Conducting a Risk Assessment
1.2 Protective Measure - Asset Tracking
1.3 Protective Measure - Conducting a Privacy Impact Assessment
1.4 Metrics
1.5 Challenges to Asset Identification
1.6 Case Studies
1.7 Quick Wins and High-Impact Solutions
1.7.1 All Organizations
2 Develop a formalized insider threat program.
2.1 Protective Measures
2.2 Understanding and Avoiding Potential Pitfalls
2.3 Challenges
2.4 Governance of an Insider Threat Program
2.5 Case Studies
2.6 Quick Wins and High-Impact Solutions
2.6.1 All Organizations
2.6.2 Large Organizations
3 Clearly document and consistently enforce policies and controls.
3.1 Protective Measures
3.2 Challenges
3.3 Case Studies
3.4 Quick Wins and High-Impact Solutions
3.4.1 All Organizations
4 Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
4.1 Protective Measures
4.2 Challenges
4.3 Case Studies
4.4 Quick Wins and High-Impact Solutions
4.4.1 All Organizations
5 Anticipate and manage negative issues in the work environment.
5.1 Protective Measures
5.2 Challenges
5.3 Case Studies
5.4 Quick Wins and High-Impact Solutions
5.4.1 All Organizations
6 Consider threats from insiders and business partners in enterprise-wide risk assessments.
6.1 Protective Measures
6.2 Challenges
6.3 Case Studies
6.4 Quick Wins and High-Impact Solutions
6.4.1 All Organizations
6.4.2 Large Organizations
7 Be especially vigilant regarding social media.
7.1 Protective Measures
7.2 Challenges
7.3 Case Studies
7.4 Quick Wins and High-Impact Solutions
7.4.1 All Organizations
7.4.2 Large Organizations
8 Structure management and tasks to minimize insider stress and mistakes.
8.1 Protective Measures
8.2 Challenges
8.3 Case Studies
8.4 Quick Wins and High-Impact Solutions
8.4.1 All Organizations
8.4.2 Large Organizations
9 Incorporate malicious and unintentional insider threat awareness into periodic security training for all employees.
9.1 Protective Measures
9.2 Challenges
9.3 Case Studies
9.4 Quick Wins and High-Impact Solutions
9.4.1 All Organizations
9.4.2 Large Organizations
10 Implement strict password and account management policies and practices.
10.1 Protective Measures
10.2 Challenges
10.3 Case Studies
10.4 Quick Wins and High-Impact Solutions
10.4.1 All Organizations
10.4.2 Large Organizations
11 Institute stringent access controls and monitoring policies on privileged users.
11.1 Protective Measures
11.2 Challenges
11.3 Case Studies
11.4 Quick Wins and High-Impact Solutions
11.4.1 All Organizations
11.4.2 Large Organizations
12 Deploy solutions for monitoring employee actions and correlating information from multiple data sources.
12.1 Protective Measures
12.2 Challenges
12.3 Case Studies
12.4 Quick Wins and High-Impact Solutions
12.4.1 All Organizations
12.4.2 Large Organizations
13 Monitor and control remote access from all end points, including mobile devices.
13.1 Protective Measures
13.2 Challenges
13.3 Case Studies
13.4 Quick Wins and High-Impact Solutions
13.4.1 All Organizations
13.4.2 Large Organizations
14 Establish a baseline of normal behavior for both networks and employees.
14.1 Protective Measures
14.2 Challenges
14.3 Case Studies
14.4 Quick Wins and High-Impact Solutions
14.4.1 All Organizations
14.4.2 Large Organizations
15 Enforce separation of duties and least privilege.
15.1 Protective Measures
15.2 Challenges
15.3 Case Studies
15.4 Quick Wins and High-Impact Solutions
15.4.1 All Organizations
15.4.2 Large Organizations
16 Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
16.1 Protective Measures
16.2 Challenges
16.3 Case Studies
16.4 Quick Wins and High-Impact Solutions
16.4.1 All Organizations
17 Institutionalize system change controls.
17.1 Protective Measures
17.2 Challenges
17.3 Case Studies
17.4 Quick Wins and High-Impact Solutions
17.4.1 All Organizations
17.4.2 Large Organizations
18 Implement secure backup and recovery processes.
18.1 Protective Measures
18.2 Challenges
18.3 Case Studies
18.4 Quick Wins and High-Impact Solutions
18.4.1 All Organizations
18.4.2 Large Organizations
19 Close the doors to unauthorized data exfiltration.
19.1 Protective Measures
19.2 Challenges
19.3 Case Studies
19.4 Quick Wins and High-Impact Solutions