Insider threats have been around for many years. However, organizations have been slow in adopting measures to protect against this significant risk. Organizations have experience protecting the network perimeter from outside threats and implementing intrusion detection tools, malware, and firewalls. These tools are ineffective once someone is already within the security wall. In addition, the idea of "perimeter defense" is disappearing as businesses rely more and more on outsourced services from third-parties, use cloud-based servers to either store data or use applications, have an increase in the volume of network traffic, and allow employees to use mobile devices while working. Implementing preventative and detective measures may be difficult for some organizations, but the biggest challenge is not technology-based but rather strategy-based. The purpose of this capstone project is to raise awareness of insider threats among management and open a dialog between management and IT professionals regarding insider threat risks. The goal is to bridge the gap between these two groups to help organizations implement a more effective insider threat management program. This paper examines current management perspectives on insider threat risks, analyzes insider threat cases and current mitigation efforts by organizations, and reviews various risk management frameworks to address insider risks. Key findings and recommendations highlight the need for management to incorporate insider risk mitigation strategies into business processes using mitigation tools that focus on data and people having access to that data. The overall business strategy must include IT security measures. Management and IT professionals need to look for risk management techniques that focus specifically on insider risks instead of using ad-hoc measures and informal tracking mechanisms. Keywords: Economic Crime Management, Dr. Shannon L. Johnson, socio-technical, cybercrime, systematic, fraud, alignment.
展开▼
机译:内部人威胁已经存在很多年了。但是,组织在采取措施来防御这种重大风险方面进展缓慢。组织具有保护网络外围免受外部威胁并实施入侵检测工具,恶意软件和防火墙的经验。一旦有人已经进入安全墙,这些工具将失效。此外,随着企业越来越依赖第三方的外包服务,使用基于云的服务器来存储数据或使用应用程序,网络流量的增加,“外围防御”的概念正在消失。允许员工在工作时使用移动设备。对于某些组织来说,实施预防和侦查措施可能很困难,但是最大的挑战不是基于技术,而是基于策略。此项目的目的是提高管理层对内部威胁的认识,并在管理层和IT专业人员之间就内部威胁风险展开对话。目标是弥合这两个群体之间的鸿沟,以帮助组织实施更有效的内部威胁管理程序。本文研究了有关内部威胁风险的当前管理观点,分析了内部威胁案例和组织当前的缓解措施,并回顾了各种风险管理框架来应对内部风险。主要发现和建议突出表明,管理层需要使用针对数据和有权访问该数据的人员的缓解工具,将内部风险缓解策略纳入业务流程。总体业务战略必须包括IT安全措施。管理和IT专业人员需要寻找专门针对内部风险的风险管理技术,而不是使用临时措施和非正式跟踪机制。关键字:经济犯罪管理,Shannon L. Johnson博士,社会技术,网络犯罪,系统性,欺诈,结盟。
展开▼
