As large scale breaches become increasingly commonplace, organizations need to rethink breach prevention initiatives. Breaches can be initiated by malicious or even benign insiders, as well as from external threats who are able to acquire the credentials of trusted insiders.
This whitepaper explains how...
Buried deep within a 308-page report from a presidential panel on ways to tighten federal surveillance and IT security programs are important recommendations on how to mitigate the insider threat at federal agencies.
An independent presidential panel makes recommendations to limit the National Security Agency's surveillance methods, including curtailing the way the government systematically collects and stores metadata from Americans' phone calls.
A federal district court judge's ruling that a National Security Agency program collecting metadata from telephone calls could be unconstitutional suggests that the law hasn't kept pace with changing technology.
NSA Director Gen. Keith Alexander says the agency has taken 41 actions to prevent leaks by insiders in the wake of disclosures of classified documents about the agency's surveillance programs by former agency contractor Edward Snowden.
You can be outraged that the NSA collects Internet communications records of U.S. citizens. But don't be surprised, says sociologist William Staples. This is just one example of our "culture of surveillance."
More than half of surveyed organizations say they have experienced an insider incident, and 53 percent say insider attacks are more damaging than those launched externally. So, what can security leaders do to get a better handle on the insider threat in 2014? Join this expert panel, led by Michael Theis of the CERT...
For years, researchers have studied malicious insider threats. But how can organizations protect themselves from insiders who make a mistake or are taken advantage of in a way that puts the organization at risk?
The average insider scheme lasts 32 months before it's detected, says threat researcher Jason Clark, who suggests using a combination of the right technologies and the right processes is the key to improving detection.
Randy Trzeciak and his CERT Insider Threat Center colleagues are working to broaden the definition of the insider threat to incorporate not just the risk to information and IT but to facilities and people, too.