Lesson 3 Part 1.pdf
Document Details
Uploaded by CooperativeJacksonville
Nanyang Technological University
Tags
Full Transcript
Lesson 3 Part 1 Okay, welcome to lesson three. And in this lesson, we're going to talk more deeply about insider threat indicators. By the end of this lesson, you are going to be able to define indicators of insider threat. You'll gain an ability to identify patterns and behavior indicative of pote...
Lesson 3 Part 1 Okay, welcome to lesson three. And in this lesson, we're going to talk more deeply about insider threat indicators. By the end of this lesson, you are going to be able to define indicators of insider threat. You'll gain an ability to identify patterns and behavior indicative of potential insider threats, and you'll develop a set of indicators for different insider threat scenarios. So the insider threat problem is much more prolific than people actually realize. A lot of people do send information from their work email to their personal emails to circumvent organizational process, particularly if they work from home and they can't print things in the office. And you'll see here from this data that 15% admit to taking business critical information with them from one job to another. Now, I suspect that the number is actually a lot, lot higher than that because of the massive under-reporting that takes place in the insider threat space. Okay, so what is an insider threat indicator? Indicators of insider threats are not only events that have occurred in an organization's system or network, but these threats deal with people. So therefore, they're also behavioral and non-technical indicators associated with a user and can aid in understanding whether an insider threat exists. So some examples of insider threat indicators are things like unusual access, logging in outside of work hours, an escalation in privileges, excessive downloads of sensitive files. The person might have received a formal HR warning over some of their conduct. They may also have connected unapproved devices to the network, or they may be downloading and installing unapproved applications. They may just simply have poor performance. They may have indicated that they wish to resign from the organization. They may be obfuscating or hiding files. They may be printing or moving large amounts of data documents. And most importantly, they may have actually failed a background check when they were employed, but this may have been overlooked.
