<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>mitigating Archives -</title>
	<atom:link href="https://zymitry.com/tag/mitigating/feed/" rel="self" type="application/rss+xml" />
	<link>https://zymitry.com/tag/mitigating/</link>
	<description>Tech &#38; Other Stuff</description>
	<lastBuildDate>Sat, 07 Jul 2018 00:17:19 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://i0.wp.com/zymitry.com/wp-content/uploads/2016/11/favicon.png?fit=32%2C32&#038;ssl=1</url>
	<title>mitigating Archives -</title>
	<link>https://zymitry.com/tag/mitigating/</link>
	<width>32</width>
	<height>32</height>
</image> 
<site xmlns="com-wordpress:feed-additions:1">120106411</site>	<item>
		<title>Mitigating Insider Security Threats</title>
		<link>https://zymitry.com/mitigating-insider-security-threats/</link>
					<comments>https://zymitry.com/mitigating-insider-security-threats/#respond</comments>
		
		<dc:creator><![CDATA[Greg Palmer]]></dc:creator>
		<pubDate>Sat, 20 Jan 2018 01:00:27 +0000</pubDate>
				<category><![CDATA[System Security]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[insider]]></category>
		<category><![CDATA[mitigating]]></category>
		<category><![CDATA[risk]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[threats]]></category>
		<guid isPermaLink="false">https://zymitry.com/?p=853</guid>

					<description><![CDATA[<p>Threats from within an organization. Insider security threats are the most significant threat to today’s information systems. Insiders often have elevated access within an organizations information systems which often gives them a level of authorized access that can cause a lot of damage if misused intentionally, or unintentionally. In the SANS Reading Room article; Insider… <span class="read-more"><a href="https://zymitry.com/mitigating-insider-security-threats/">Read More: Mitigating Insider Security Threats &#187;</a></span></p>
<p>The post <a href="https://zymitry.com/mitigating-insider-security-threats/">Mitigating Insider Security Threats</a> appeared first on <a href="https://zymitry.com"></a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><strong>Threats from within an organization.</strong></p>
<p>Insider security threats are the most significant threat to today’s information systems. Insiders often have elevated access within an organizations information systems which often gives them a level of authorized access that can cause a lot of damage if misused intentionally, or unintentionally.</p>
<p>In the SANS Reading Room article; <a href="https://www.sans.org/reading-room/whitepapers/monitoring/insider-threat-mitigation-guidance-36307room/whitepapers/monitoring/insider-threat-mitigation-guidance-36307room/whitepapers/monitoring/insider-threat-mitigation-guidance-36307" target="_blank" rel="noopener">Insider Threat Mitigation Guidance</a>, Balakrishnan &amp; Northcutt explain that mitigating insider threats is often a complex procedure that requires meticulous planning.  Organizations should tailor their approach to ensure that mitigation techniques meet the organizations unique needs.</p>
<p>Balakrishnan &amp; Northcutt lay out a 13 step Insider Threat Mitigation Program (ITMP) road map developed by the Intelligence and National Security Alliance (INSA) as a framework for identifying and mitigating insider threats. This framework maps insider threats to mitigation controls published by the Community Emergency Response Team (CERT), and the National Institute of Standards and Technology (NIST) threat programs and best practices. The ITMP framework steps are as follows</p>
<p><span style="text-decoration: underline;">Step 1:</span> Initial Planning. CERT Program components include; establish insider threat program and framework, implement planning, and formalize the program. CERT best practices used are a formalized insider threat program, and asset identification and control. NIST best practices are asset management.</p>
<p><span style="text-decoration: underline;">Step 2:</span>  Identify stakeholders. CERT practice is to identify all areas of the business affected.</p>
<p><span style="text-decoration: underline;">Step 3:</span>  Leadership buy-in.</p>
<p><span style="text-decoration: underline;">Step 4:</span>  Risk Management. CERT program components are enterprise risk management integration. Best practices include considering all insider threats enterprise-wide, and identifying a risk management program.</p>
<p><span style="text-decoration: underline;">Step 5:</span>  Detailed project planning.</p>
<p><span style="text-decoration: underline;">Step 6:</span>  Develop Governance Structure, Policy, and Procedures. Program CERT components are Policies, Procedures, and Practices, and protection of employee civil liberties and rights. Best practices include:</p>
<ul>
<li>Document and consistently enforce policies</li>
<li>A hiring process that screens employees for disruptive behavior</li>
<li>Anticipate and manage negative issues in the work environment</li>
<li>Implement and enforce strict password and management policies</li>
<li>Enforce principles of separation of duties and least privilege</li>
<li>Explicit Service Level Agreements (SLA)’s for all vendors and cloud services</li>
<li>Stringent access controls</li>
<li>Institutionalize system changes</li>
<li>Comprehensive employee termination procedures</li>
<li>Stringently monitoring social media content</li>
</ul>
<p><span style="text-decoration: underline;">Step 7:</span>  Communication training and awareness. Components are training and awareness, and communicating insider threats. Best practices include insider threat and awareness training, and communication response.</p>
<p><span style="text-decoration: underline;">Step 8:</span>  Develop detection methods. Components are prevention, detection, and response. Best practices include establish baselines, monitor and close data exfiltration holes, monitor and detect anomaly events.</p>
<p><span style="text-decoration: underline;">Step 9:</span>  Data and tool requirements. Components are data collection and analysis. Best practices include Security Information Event Management (SIEM) that encompasses logging and auditing of systems, and protecting access controls and auditing technology.</p>
<p><span style="text-decoration: underline;">Step 10:</span>  Data fusion. Component is data collection and analysis.</p>
<p><span style="text-decoration: underline;">Step 11:</span>  Analysis and incident management. Components are incident response and reporting. Best practices include response and mitigation analysis.</p>
<p><span style="text-decoration: underline;">Step 12:</span>  Management reporting. Components are program compliance and effectiveness oversight.</p>
<p><span style="text-decoration: underline;">Step 13:</span>  Feedback and lessons learned. Best practices include recovery planning, improvements, and communications.</p>
<p>&nbsp;</p>
<p>Overall it is widely recognized that insider threats are the most prevalent and damaging which is line with what both Johnson (2015), and Balakrishnan &amp;Northcutt (2015), have examined and supported. Organizations spend great amounts of money on technical controls such as firewalls, <a href="https://zymitry.com/ids-idps-detection-methods/" target="_blank" rel="noopener">Intrusion Detection (IDS) systems</a>, and anti-malware, but these controls lose much of there benefit when uneducated or careless users click on a phishing email links or exhibit other risky behaviours. Other technical controls can limit the damage, but an organization can still find itself spending a lot of time repairing damage caused by insider threats.</p>
<p>&nbsp;</p>
<p>References</p>
<p>Balakrishnan, B., &amp; Northcutt, S. (2015, October 06). <em>Insider Threat Mitigation Guidance, GIAC  </em><em>GLEG Gold Paper</em>. Retrieved August 25, 2017, from<a href="https://www.sans.org/reading-room/whitepapers/monitoring/insider-threat-mitigation-guidance-36307room/whitepapers/monitoring/insider-threat-mitigation-guidance-36307room/whitepapers/monitoring/insider-threat-mitigation-guidance-36307" target="_blank" rel="noopener"> https://www.sans.org/reading-room/whitepapers/monitoring/insider-threat-mitigation-guidance-36307room/whitepapers/monitoring/insider-threat-mitigation-guidance-36307room/whitepapers/monitoring/insider-threat-mitigation-guidance-36307</a>.</p>
<p>Johnson, R. (2015). <em>Security Policies and Implementation Issues (2nd ed.).</em> Burlington, MA: Jones &amp; Bartlett Learning.</p>
<p>The post <a href="https://zymitry.com/mitigating-insider-security-threats/">Mitigating Insider Security Threats</a> appeared first on <a href="https://zymitry.com"></a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://zymitry.com/mitigating-insider-security-threats/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">853</post-id>	</item>
	</channel>
</rss>
