The CERT® Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) > Chapter 7. Technical Insider Threat Controls > Demonstrational Videos

Download Safari Books Online apps: Apple iOS | Android

Entire Site

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

This Book

The CERT® Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)

Search

Table of Contents

Chapter 2. Insider IT Sabotage

Chapter 3. Insider Theft of Intellectual Property

Chapter 4. Insider Fraud

Chapter 5. Insider Threat Issues in the Software Development Life Cycle

Chapter 6. Best Practices for the Prevention and Detection of Insider Threats

Chapter 7. Technical Insider Threat Controls

Infrastructure of the Lab

Demonstrational Videos

High-Priority Mitigation Strategies

Control 1: Use of Snort to Detect Exfiltration of Credentials Using IRC

Control 2: Use of SiLK to Detect Exfiltration of Data Using VPN

Control 3: Use of a SIEM Signature to Detect Potential Precursors to Insider IT Sabotage

Control 4: Use of Centralized Logging to Detect Data Exfiltration during an Insider’s Last Days of Employment

Insider Threat Exercises

Summary

Chapter 8. Case Examples

Chapter 9. Conclusion and Miscellaneous Issues

Appendix A. Insider Threat Center Products and Services

Appendix B. Deeper Dive into the Data

Appendix C. CyberSecurity Watch Survey

Appendix D. Insider Threat Database Structure

Appendix E. Insider Threat Training Simulation: MERIT InterActive

Appendix F. System Dynamics Background

Demonstrational Videos

Since the lab was created, we have developed a series of demonstrational videos that depict scenarios taken from real cases in the CERT database. Each video describes an insider threat case and shows how one or more open source tools could be used to detect such an incident and identify the individual responsible should it happen in your environment. We present these videos in our insider threat workshops. We have also presented them at various conferences, including the RSA Conference, the U.S. Department of Defense Cyber Crime Conference (DC3), the Government Forum of Incident Response and Security Teams (GFIRST), the Forum of Incident Response and Security Teams (FIRST), and MIS Training Institute InfoSec World.

The demos can be watched at the following URL: www.cert.org/insider_threat. We release additional demos every few months, so we recommend that you watch that site for new releases. In this chapter we will describe the insider threat mitigation strategies depicted in the demos.

You are currently reading a PREVIEW of this book.

Get instant access to over
$1 million worth of books and videos.

Start a Free Trial