Insider threat management

Insider threat management is the process of preventing, combating, detecting, and monitoring threats from employees, remote vendors and contractors, in order to protect an organization's data from theft, fraud and damage.[1]

Background

Insiders may have accounts that give them legitimate access to computer systems. This access was originally granted so that they could perform their duties, but the permissions could be abused to harm the organization. Insiders are often familiar with the organization's data and intellectual property as well as the methods that are in place to protect them. This makes it easier for the insider to circumvent any security controls of which they are aware. Physical proximity to data means that the insider does not need to hack into the organizational network through the outer perimeter by traversing firewalls; rather, they are in the building already, often with direct access to the organization's internal network. Insider threats are harder to defend against than attacks from outsiders, since the insider already has legitimate access to the organization's information and assets.[2]

An insider may attempt to steal property or information for personal gain, or to benefit another organization or country.[2] The threat to the organization could also come from malicious software left running on its computer systems by former employees, a so-called logic bomb.

Insider Threat Management Software

Insider Threat Management is often performed with the help of software companies. These include:

References

  1. https://www.us-cert.gov/sites/default/files/publications/Combating%20the%20Insider%20Threat_0.pdf
  2. "FBI Counterintelligence: The Insider Threat. An introduction to detecting and deterring an insider spy". Fbi.gov. Retrieved 2014-03-08.


This article is issued from Wikipedia - version of the 11/8/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.