Technical Detection Methods for Insider Risk Management
Abstract
Applicable best practices from the CERT Common Sense Guide to Mitigating Insider Threats:
- Know and protect your critical assets.
- Develop a formalized insider threat program.
- Clearly document and consistently enforce policies and controls.
- Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
- Anticipate and manage negative issues in the work environment.
- Consider threats from insiders and business partners in enterprise-wide risk assessments.
- Be especially vigilant regarding social media.
- Structure management and tasks to minimize unintentional insider stress and mistakes.
- Incorporate malicious and unintentional insider threat awareness into periodic security training for all employees.
- Implement strict password and account management policies and practices.
- Institute stringent access controls and monitoring policies on privileged users.
- Deploy solutions for monitoring employee actions and correlating information from multiple data sources.
- Monitor and control remote access from all endpoints, including mobile devices.
- Establish a baseline of normal behavior for both networks and employees.
- Enforce separation of duties and least privilege.
- Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
- Institutionalize system change controls.
- Implement secure backup and recovery processes.
- Close the doors to unauthorized data exfiltration.
- Develop a comprehensive employee termination procedure.
- Adopt positive incentives to align the workforce with the organization.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jan 01, 2020
- Accession Number
- AD1110364
Entities
People
- Dan Costa
Organizations
- Carnegie Mellon University