Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online

    Free Trial

    Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.


    Title Page
    Copyright Page
    Dedication Page
    Contents
    Preface
    Acknowledgments
    Chapter 1. Overview
    Chapter 2. Insider IT Sabotage
    Chapter 3. Insider Theft of Intellectual Property
    Chapter 4. Insider Fraud
    Chapter 5. Insider Threat Issues in the Software Development Life Cycle
    Chapter 6. Best Practices for the Prevention and Detection of Insider Threats
    Summary of Practices
    Practice 1: Consider Threats from Insiders and Business Partners in Enterprise-Wide Risk Assessments
    Practice 2: Clearly Document and Consistently Enforce Policies and Controls
    Practice 3: Institute Periodic Security Awareness Training for All Employees
    Practice 4: Monitor and Respond to Suspicious or Disruptive Behavior, Beginning with the Hiring Process
    Practice 5: Anticipate and Manage Negative Workplace Issues
    Practice 6: Track and Secure the Physical Environment
    Practice 7: Implement Strict Password- and Account-Management Policies and Practices
    Practice 8: Enforce Separation of Duties and Least Privilege
    Practice 9: Consider Insider Threats in the Software Development Life Cycle
    Practice 10: Use Extra Caution with System Administrators and Technical or Privileged Users
    Practice 11: Implement System Change Controls
    Practice 12: Log, Monitor, and Audit Employee Online Actions
    Practice 13: Use Layered Defense against Remote Attacks
    Practice 14: Deactivate Computer Access Following Termination
    Practice 15: Implement Secure Backup and Recovery Processes
    Practice 16: Develop an Insider Incident Response Plan
    Summary
    References/Sources of Best Practices
    Chapter 7. Technical Insider Threat Controls
    Chapter 8. Case Examples
    Chapter 9. Conclusion and Miscellaneous Issues
    Appendix A. Insider Threat Center Products and Services
    Appendix B. Deeper Dive into the Data
    Appendix C. CyberSecurity Watch Survey
    Appendix D. Insider Threat Database Structure
    Appendix E. Insider Threat Training Simulation: MERIT InterActive
    Appendix F. System Dynamics Background
    Glossary of Terms
    References
    About the Authors
    Index
    BackMater
    • Create BookmarkCreate Bookmark
    • Create Note or TagCreate Note or Tag
    • DownloadDownload
    • PrintPrint
    Share this Page URL
    Help

    Chapter 6. Best Practices for the Preven... > Practice 10: Use Extra Caution with ...

    Practice 10: Use Extra Caution with System Administrators and Technical or Privileged Users

    System administrators and technical or privileged users have the technical ability, access, and oversight responsibility to commit and conceal malicious activity.

    What Can You Do?

    Recall that the majority of the insiders who committed IT sabotage held technical positions such as system administrator, DBA, or programmer. Technically sophisticated methods of carrying out and concealing malicious activity included writing or downloading of scripts or programs (including logic bombs), creation of backdoor accounts, installation of remote system administration tools, modification of system logs, planting of viruses, and use of password crackers.

    System administrators and privileged users5 by definition have a higher system, network, or application access level than other users. This higher access level comes with higher risk due to the following.


      

    You are currently reading a PREVIEW of this book.

                                                                                            

    Get instant access to over
    $1 million worth of books and videos.

      

    Start a Free Trial


      
    • Safari Books Online
    • Create BookmarkCreate Bookmark
    • Create Note or TagCreate Note or Tag
    • DownloadDownload
    • PrintPrint