
CERT Insider Threat Team Releases “Spotlight On Programming Techniques Used as an Insider Attack Tool”

CERT’s Insider Threat Team has released its Spotlight On Programming Techniques Used as an Insider Attack Tool.

Spotlight On is a quarterly report issued by the CERT Insider Threat Team. The Insider Threat Team receives significant funding from CyLab.

As one of their benefits, CyLab's corporate partners receive each issue of Spotlight On three months prior to its public release. So as Programming Techniques Used as an Insider Attack Tool is released to the public, CyLab's partners are now moving on to Malicious Insiders with Ties to the Internet Underground Community, which will be available to the public in 3Q09.

Spotlight On Programming Techniques Used as an Insider Attack Tool includes analysis of numerous cases.

Similarities across Cases

While the number of cases analyzed for this article is limited, there are similarities worth noting. The majority of these cases were IT Sabotage cases, which follow the escalation patterns documented in CERT’s MERIT model. The MERIT model is a system dynamics model of the insider IT sabotage problem that elaborates complex interactions in the domain and unintended consequences of organizational policies, practices, technology, and culture on insider behavior.

In each of the fifteen cases, the changes made by the insider might have been detected before the malicious code was deployed if the organization had had change controls in place to detect unauthorized modifications to critical systems and software. Some of the organizations did use configuration management tools to track and log changes to critical software. However, either the tools did not prohibit software from being released without approval from a trusted second person, or the organization failed to audit the change control logs for unauthorized changes.
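The two gaps described above (release without approval from a trusted second person, and change control logs that nobody audits) can be checked with a short audit pass over the log. The following is an added example, not taken from the CERT report; the CSV log format, system names, and account names are constructed for illustration.

```python
import csv
import io

# Constructed sample change-control log (the format is an assumption for this example).
SAMPLE_LOG = """change_id,system,author,approver,released
C-101,payroll,alice,bob,yes
C-102,payroll,carol,,yes
C-103,payroll,dave,dave,yes
C-104,intranet-wiki,erin,,yes
C-105,billing,frank,mallory,yes
C-106,billing,grace,,no
C-107,billing,Heidi,heidi ,yes
"""

CRITICAL_SYSTEMS = {"payroll", "billing"}      # hypothetical system names
TRUSTED_APPROVERS = {"bob", "alice", "heidi"}  # hypothetical reviewer list


def norm(name):
    """Normalise an account name so 'Heidi' and 'heidi ' compare equal."""
    return (name or "").strip().lower()


def audit_changes(log_text, critical=CRITICAL_SYSTEMS, trusted=TRUSTED_APPROVERS):
    """Return (change_id, reason) for each released change to a critical
    system that lacks approval from a trusted second person."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if norm(row["system"]) not in critical or norm(row["released"]) != "yes":
            continue  # out of scope: non-critical system or not yet released
        author, approver = norm(row["author"]), norm(row["approver"])
        if not approver:
            findings.append((row["change_id"], "released without approval"))
        elif approver == author:
            findings.append((row["change_id"], "self-approved"))
        elif approver not in trusted:
            findings.append((row["change_id"], "approver not on trusted list"))
    return findings


if __name__ == "__main__":
    for change_id, reason in audit_changes(SAMPLE_LOG):
        print(f"{change_id}: {reason}")
```

Normalising account names before comparison matters here: without it, the C-107 row, where author and approver differ only in case and trailing whitespace, would pass as a two-person approval.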

Spotlight On Programming Techniques Used as an Insider Attack Tool also articulates a number of practices to help in mitigating this particular aspect of the insider threat.

For more information: