THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727

Upload: horatio-rose

Post on 17-Dec-2015


Page 1: THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727

THE INSIDER THREAT AND DATA LOSS PREVENTION

CSCE 727


Agenda

Background
The Insider Threat
Examples in the news
Data Loss Prevention
Questions


The Insider Threat

An Insider Threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems.


The Insider Threat – Example 1

Steven Medlock was a disbursement specialist for the State Department’s Global Financial Services Center, which handles worldwide billings and other transactions for the agency.

The U.S. Attorney’s Office said he created a sham company that submitted fake invoices to collect about $58,700 in currency-exchange fees from September 2011 to April 2012. He also forged an unidentified person’s name on payment vouchers as part of the embezzlement, prosecutors said.

A Charleston judge has sentenced a former U.S. State Department employee to probation and home detention for embezzling almost $59,000 from the federal government.


The Insider Threat – Example 2

Pfc. Bradley Manning - Enlisted intelligence analyst with privileged access.

Downloaded classified files from military networks and leaked them to the anti-secrecy website WikiLeaks.

Host-Based Security System was not installed to detect or prevent the removal of the classified files.

Dishonorably discharged from the Army, sentenced to 35 years in prison for violations of the Espionage Act and other offenses.

Now known as Chelsea Elizabeth Manning.


Data Loss Prevention

A data loss prevention (DLP) solution is a system designed to detect potential data breach or data exfiltration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest. In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or by inadvertent mistake.

Such sensitive data can come in the form of private or company information, intellectual property, financial or patient information, credit-card data, and other information depending on the business and the industry.


Graphical demonstration of how data leaves a network


The Insider Threat, Data Loss Prevention, and Information Warfare.

IW – The use and management of information technology in pursuit of a competitive advantage over an opponent.

Discover confidential data wherever it is stored and identify data owners.

Monitor how data is being used and where it is going to provide visibility into broken business processes and high-risk users.

Protect confidential data by automatically enforcing data loss policies; educating users about data security; securing exposed data; and stopping data leaks.

Manage data loss policies, incident remediation, and risk reporting.

The goals of deploying DLP to monitor insiders are to Discover, Monitor, and Protect.


Questions?