Management Strategies


Secret Service and Carnegie Mellon's Software Engineering Institute release insider-threat study.

Financial institutions are full of insiders. That's why the Secret Service National Threat Assessment Center (NTAC) and the CERT Coordination Center (CERT/CC) of Carnegie Mellon University's Software Engineering Institute conducted a behavioral and technical study of insiders who committed crimes using information technology.

The study examined 23 incidents that occurred between 1996 and 2002. Here are some of the findings and recommendations:

Findings: Most incidents required little technical sophistication.

Recommendations: Secure networks from the full range of users. Use mandatory password protection and policies to prevent insiders from using another employee's computer to carry out an attack.

Findings: Perpetrators planned their actions.

Recommendations: Security personnel and others can stop insiders before an incident occurs. Encourage employees to report suspicious behavior, such as attempts to bypass technical safeguards. Widespread employee awareness of the consequences of computer crime can also stave off attacks.

Findings: Financial gain motivated most perpetrators.

Recommendations: Establish organizational designs to ensure appropriate oversight of insider activity. Conduct auditing and take steps to ensure the integrity of financial-related data.

Findings: Perpetrators did not share a common profile.

Recommendations: Even well-respected, non-technical people commit computer crime, but background checks may be valuable.

Findings: Incidents were detected by various methods and people.

Recommendations: Establish a formal process for employees to report suspected abuses. Detection and assessment often require manual diagnosis and analysis.

Findings: Perpetrators committed acts while on the job.

Recommendations: Workforce education can reduce insider risk. Be careful when providing remote access to critical data or systems, and perform frequent auditing and logging when necessary.
