tag:blogger.com,1999:blog-13358151364226052152024-03-13T09:10:08.576-07:00INSIDER THREATSAmir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.comBlogger18125tag:blogger.com,1999:blog-1335815136422605215.post-84980074001665134352010-06-17T23:24:00.000-07:002010-06-17T23:57:01.491-07:00Enemy at The Water Cooler<div><br /></div><div><br /></div><div><br /></div><div><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1ZbKuRFXg-J0OpQzMuWYjnGqNuI-MEd1r1lxpmpHf4UyyS_-UwB_FH3SR6zFFbxp4VOrC8Kaa8cG1s3Kzj6-A44War1tVkdH4whPcA4VRQNJv2kI5UjsI1eaYwG52VY2CmBGCvYbTUo0/s1600/Enemy_at_the_water_cooler_cover.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 240px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1ZbKuRFXg-J0OpQzMuWYjnGqNuI-MEd1r1lxpmpHf4UyyS_-UwB_FH3SR6zFFbxp4VOrC8Kaa8cG1s3Kzj6-A44War1tVkdH4whPcA4VRQNJv2kI5UjsI1eaYwG52VY2CmBGCvYbTUo0/s400/Enemy_at_the_water_cooler_cover.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5484002833367769394" /></a><br /><div><br /></div><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4RLo1WXT2jJ0BZQzcchvRrdnrN8P1hx24CRRkYLhhTwkVwX-Y3Dzv3BO9id9EkclbzmlOk7mQx2pX0ezpVz8XL0Y1oz3jHYDJVre_jB6mc0HzLfxXiAean8ezE_XpZpB2KUQk9VV0sPc/s1600/Enemy+at+the+water+cooler++real-life.jpg"><br /></a></div><br /><div><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">Another insider threat book????</span></span></div><div><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">That's right guys, in this post I decided to introduce another interesting book related to insider threats. The good thing is that the whole book is available online, you can read it at:</span></span></div><div><a href="http://books.google.com.my/books?id=LKRGF8WQ-cQC&pg=PA57&lpg=PA57&dq=insider+threat+examples&source=bl&ots=d5szCkXZtJ&sig=eVMAN0QL70HxbsYW0K9nngl_N2Y&hl=en&ei=ew8bTNW5AtHBrAfRpeytDA&sa=X&oi=book_result&ct=result&resnum=1&ved=0CBkQ6AEwADgK#v=onepage&q=insider%20threat%20examples&f=false"><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">http://books.google.com.my/books?id=LKRGF8WQ-cQC&pg=PA57&lpg=PA57&dq=insider+threat+examples&source=bl&ots=d5szCkXZtJ&sig=eVMAN0QL70HxbsYW0K9nngl_N2Y&hl=en&ei=ew8bTNW5AtHBrAfRpeytDA&sa=X&oi=book_result&ct=result&resnum=1&ved=0CBkQ6AEwADgK#v=onepage&q=insider%20threat%20examples&f=false</span></span></a><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;"><br /><br /></span></span></div><div><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">This book is full of good examples of insider threats and wonderful guidance regard of protective measures. Make sure to read examples in chapter 2 page 57. Enjoy!!</span></span></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-84781307951405501182010-06-14T21:10:00.000-07:002010-06-14T22:34:29.821-07:00Even Google has it!!!<div><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgO98IF4U9qKUVFXwIbAy3uMmyUDiDIbHJd_O5x25ouxuvi733ztY54v1zm9rs1Om9y4hzzGMfQoQZNCNpt-DDhHVVn_RxrakC5EyirQBEbIjBxkSECevmldC4qRKAGuJlP-FRM9hwXL08/s1600/GoogleChina_1.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 400px; height: 267px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgO98IF4U9qKUVFXwIbAy3uMmyUDiDIbHJd_O5x25ouxuvi733ztY54v1zm9rs1Om9y4hzzGMfQoQZNCNpt-DDhHVVn_RxrakC5EyirQBEbIjBxkSECevmldC4qRKAGuJlP-FRM9hwXL08/s400/GoogleChina_1.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5482867035941686018" /></a><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;"><br /></span></span><div><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;"><br /></span></span></div><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">Hello again!!</span></span><div><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;"><br /></span></span><div><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">I beleive you all heard about dispute between google and china regard the internet censorship of this country and there is possibility that google close its branch in the China soon. Durring the despute there was </span></span><span class="Apple-style-span" style="line-height: 14px; "><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">repeated attempts to hack into the Gmail accounts of Chinese human rights activists which a</span></span></span><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">ccording to Reuters, who cited two unnamed sources, Google was looking into the notion that their own employees helped instigate the attack on their infrastructure.</span></span></span></div><div><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;"><br /></span></span></span></div><div><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">you can look up the story in following links:</span></span></span></div><div><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;"><a href="http://www.eweekeurope.co.uk/news/news-security/google-investigates-insider-threat-after-china-hack-3061"><span class="Apple-style-span" style="color:#FF6666;">http://www.eweekeurope.co.uk/news/news-security/google-investigates-insider-threat-after-china-hack-3061</span></a></span></span></span></div><div><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><a href="http://www.thetechherald.com/article.php/201003/5098/Google-investigating-insider-threat-possibility"><span class="Apple-style-span" style="color:#FF6666;">http://www.thetechherald.com/article.php/201003/5098/Google-investigating-insider-threat-possibility</span></a></span></span></div><div><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><a href="http://blogs.securiteam.com/index.php/archives/category/insider-threat/"><span class="Apple-style-span" style="color:#FF6666;">http://blogs.securiteam.com/index.php/archives/category/insider-threat/</span></a></span></span></div><div><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><br /></span></span></div><div><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><br /></span></span></div><div><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style=" ;font-size:large;">So if google may has insider threats, other companies should be really worry about it!!</span></span></span></div><div><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;"><br /></span></span></span></div><div><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">Interesting thing here is that after google was hacked by china, they carried out a counterattack!!</span></span></span></div><div><span class="Apple-style-span" style=" line-height: 19px; "><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;"><br /></span></span></span></div><div style="text-align: center;"><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.blogger.com/video.g?token=AD6v5dwz75DoIiyzYrWxKOr0p34Bog6Su3UZxi2sGuVIwh8k1_BK3-5KhDNnrNOhZVFWh5dmm0gBC-LreKjK5uKflg' class='b-hbp-video b-uploaded' frameborder='0'></iframe></div></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-82160548135712754312010-06-10T22:33:00.000-07:002010-06-11T00:19:49.949-07:00DuPont Case<div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br /></span></span></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmyN-qCVpVdFuWakgzEQ-pYNdkykYxexgANv0FLj-5lTwNq8M3HtU_-IOCupyP5M0Rlp8R2Y0XH29ZS8vawIbqiX9VgrDPwxbTLEXnAauScpyLV0sw3FL2MqVkrfa1mq4KiYrvSYigGAA/s1600/dupont.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 344px; height: 146px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmyN-qCVpVdFuWakgzEQ-pYNdkykYxexgANv0FLj-5lTwNq8M3HtU_-IOCupyP5M0Rlp8R2Y0XH29ZS8vawIbqiX9VgrDPwxbTLEXnAauScpyLV0sw3FL2MqVkrfa1mq4KiYrvSYigGAA/s400/dupont.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5481408288644909618" /></a><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br />Hey guys, I searched for insider threat cases in the web for you and you will be surprised to find out how many cases I found, I mean a lot!!!!</span></span><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br /></span></span><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">how ever some were more interesting than the others and DuPont case was one of them.</span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">the story is from: </span></span></div><div><a href="http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1244018_mem1,00.html"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1244018_mem1,00.html</span></span></a></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br /></span></span></div><div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: georgia; "><span class="Apple-style-span" style="font-size: x-large;"><b><span class="Apple-style-span" style="color:#FF6666;">DuPont Case</span></b></span></span></div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br /></span></span></div><div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">Gary Min, also known as </span></span><span class="blsp-spelling-error" id="SPELLING_ERROR_0"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">Yonggang</span></span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"> Min, is a former senior chemist for DuPont who faces up to a decade in prison and a $250,000 fine after pleading guilty to stealing trade secrets in November. The case was unsealed by federal prosecutors in Wilmington, Del., Thursday.</span></span></div><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;font-size:12px;"><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">Min, 43, was accused of stealing approximately $400 million worth of information from DuPont and attempting to leak it to a third party. He is scheduled to be sentenced March 29.</span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">According to local news reports, a naturalized U.S. citizen from China surrendered his passport and is cooperating with federal authorities. Min's attorney, Michael </span></span><span class="blsp-spelling-error" id="SPELLING_ERROR_1"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">Mustokoff</span></span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">, said his client accepts responsibility for what he did.</span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">Investigators say Min joined DuPont in 1995 but began exploring a new job opportunity in Asia in 2005 with </span></span><span class="blsp-spelling-error" id="SPELLING_ERROR_2"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">Victrex</span></span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"> </span></span><span class="blsp-spelling-error" id="SPELLING_ERROR_3"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">PLC</span></span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">, a DuPont competitor. Shortly after opening the dialog with </span></span><span class="blsp-spelling-error" id="SPELLING_ERROR_4"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">Victrex</span></span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">, Min reportedly proceeded to download approximately 22,000 abstracts from DuPont's data library and accessed about 16,700 documents. After Min gave his notice, DuPont discovered what he was up to and brought in the FBI.</span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">In the DuPont case, Ben-</span></span><span class="blsp-spelling-error" id="SPELLING_ERROR_5"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">Natan</span></span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"> noted how Min downloaded tens of thousands of documents. "A normal employee wouldn't need to review 16,000 documents. Why would you? In hindsight, they would find that a normal employee wouldn't download more than a couple hundred documents a day," Ben-</span></span><span class="blsp-spelling-error" id="SPELLING_ERROR_6"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">Natan</span></span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"> said. "The key is to know what is normal activity so you can spot the abnormal."</span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">you can also find more information about DuPont case in following websites:</span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br /></span></span></p><p><a href="http://www.informationweek.com/news/security/showArticle.jhtml?articleID=197006474"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">http://www.informationweek.com/news/security/showArticle.jhtml?articleID=197006474</span></span></a></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br /></span></span></p><p><a href="http://www.computerworld.com/s/article/283564/DuPont_Data_Theft_Shows_Insider_Risks"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">http://www.computerworld.com/s/article/283564/DuPont_Data_Theft_Shows_Insider_Risks</span></span></a></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br /></span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br /></span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;"><br /></span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">these so many cases confirm this fact that insider threat is very important issue and ignoring it can create huge losses for the companies.</span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">thanks to these cases we can get better understanding of the ways that employees position themselves as insider threat.</span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size: medium;">these experiences created so much losses for its company but its free for you!!! so don't hesitate of reading the cases. </span></span></p><p><br /></p></span></div></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-67389795996322074462010-06-05T21:52:00.000-07:002010-06-06T21:23:55.996-07:00Inside Security Tactics<div><br /></div><div style="text-align: left;">Can we protect our network and information against unauthorized insiders by using the same protective measures and applications that we use against outsiders? </div><div style="text-align: left;">If you think we can then check this out!!</div><div><br /></div><div><br /></div><div style="text-align: center;"><br /></div><div><br /></div><div><br /></div><div style="text-align: center;"><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.blogger.com/video.g?token=AD6v5dxFNujBp4V2i3iSa8HSH3FaMH8bEr4KvXSkTj0bSST6Co5b58YOyX2cQqtWujBLOAxCLGURMJB4Zd2gJdrxbw' class='b-hbp-video b-uploaded' frameborder='0'></iframe></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-27722363378855419052010-06-03T21:59:00.000-07:002010-06-05T22:39:27.239-07:00Statistics<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgklbRDoHthurUL2S3bjdu8o0Zmmb4bJAFEdNddaiSXyXuW85w635aqj2PWQb0DnmJXBq7EAYU7v_gTE73pDv9ap5Xd-p9GT-R2qtpdMO-SFJyQH2FQCMJlZLwsK8K2VpoFf-fhmum7gHE/s1600/insider2.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 275px; height: 183px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgklbRDoHthurUL2S3bjdu8o0Zmmb4bJAFEdNddaiSXyXuW85w635aqj2PWQb0DnmJXBq7EAYU7v_gTE73pDv9ap5Xd-p9GT-R2qtpdMO-SFJyQH2FQCMJlZLwsK8K2VpoFf-fhmum7gHE/s400/insider2.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5478785704172490402" /></a><br /><div><br /></div>Trust me, you will get surpised when you read it!!!<div>Infomation bellow extracted from:</div><div><a href="http://www.syfuhs.net/article/145.aspx?rss">http://www.syfuhs.net/article/145.aspx?rss</a></div><div><br /></div><div><a href="http://www.syfuhs.net/article/145.aspx?rss"></a><br /><p style=" border-collapse: collapse; font-family:Verdana;font-size:small;"><strong><span class="Apple-style-span" style="color:#FF6666;">Survey participants in London and New York: 600</span></strong></p><ul style=" border-collapse: collapse; font-family:Verdana;font-size:small;"><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Departing workers who took sensitive information with them: 40%</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Portion who would provide this information if it would help to find another job: 1/3</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Percentage of employees who are aware of the illegality of stealing information: 85%</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Portion of this population who do it any way: 1/2</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Percentage who believe it will be useful it some point in the future: >50%</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Percentage who find it easier to pilfer information this year: 57%</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Percentage last year: 29%</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Percentage who claimed they would take company info if fired tomorrow: 48%</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Percentage who would download company/competitive information if their jobs are at risk: 39%</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Portion of workers who have lost loyalty to their employers because of the recession: 1/4</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Percentage of those who take information “just in case”: 64%</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Percentage who would use the information in future job negotiations: 27%</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Percentage who would use the information as tools in their new jobs: 20%</span></span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Those who would take customer and contact details: 29%</span></span></span></li></ul><p style=" border-collapse: collapse; font-family:Verdana;font-size:small;"><strong><span class="Apple-style-span" style="color:#FF6666;">Stuff Stolen:</span></strong></p><ul style=" border-collapse: collapse; font-family:Verdana;font-size:small;"><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-family:georgia;">Plans and proposals: 18%</span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-family:georgia;">Passwords and access codes: 13%</span></span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-family:georgia;">Product information: 11%</span></span></li></ul><p style=" border-collapse: collapse; font-family:Verdana;font-size:small;"><strong><span class="Apple-style-span" style="color:#FF6666;">Those would go out of their way:</span></strong></p><ul style=" border-collapse: collapse; font-family:Verdana;font-size:small;"><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;">Percentage of workers who would strive to find the redundancy list: 32%</span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;">Percentage of those who would bribe a co-worker in the human resources department: 43%</span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;">Who would use their own IT-granted access rights: 37%</span></li><li style="margin-right: 50px; "><span class="Apple-style-span" style="color:#FF6666;">Who would use personal contacts of those in the IT dep</span></li></ul><div><span class="Apple-style-span" style="font-family:Verdana;"><span class="Apple-style-span" style="border-collapse: collapse; font-size:small;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:Verdana;"><span class="Apple-style-span" style="border-collapse: collapse; font-size:small;">There are also some other statistics from Europe which I got from:</span></span></div><div><span class="Apple-style-span" style="font-family:Verdana;"><span class="Apple-style-span" style="border-collapse: collapse; font-size:small;"><a href="http://www.schneier.com/blog/archives/2005/12/insider_threat.html">http://www.schneier.com/blog/archives/2005/12/insider_threat.html</a></span></span></div><div><span class="Apple-style-span" style="font-family:Verdana;"><span class="Apple-style-span" style="border-collapse: collapse; font-size:small;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:Verdana;"><span class="Apple-style-span" style="border-collapse: collapse; font-size:small;"><span class="Apple-style-span" style="border-collapse: separate; font-family:Verdana, Helvetica, sans-serif;font-size:12px;"><ul style=" ;font-family:Verdana, Helvetica, sans-serif;"><li style=" margin-top: 0.5em; font-family:Verdana, Helvetica, sans-serif;"><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">One in five workers (21%) let family and friends use company laptops and PCs to access the Internet.</span></span></span></li><li style=" margin-top: 0.5em; font-family:Verdana, Helvetica, sans-serif;"><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">More than half (51%) connect their own devices or gadgets to their work PC.</span></span></span></li><li style=" margin-top: 0.5em; font-family:Verdana, Helvetica, sans-serif;"><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">A quarter of these do so every day.</span></span></span></li><li style=" margin-top: 0.5em; font-family:Verdana, Helvetica, sans-serif;"><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Around 60% admit to storing personal content on their work PC.</span></span></span></li><li style=" margin-top: 0.5em; font-family:Verdana, Helvetica, sans-serif;"><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">One in ten confessed to downloading content at work they shouldn't.</span></span></span></li><li style=" margin-top: 0.5em; font-family:Verdana, Helvetica, sans-serif;"><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Two thirds (62%) admitted they have a very limited knowledge of IT Security.</span></span></span></li><li style=" margin-top: 0.5em; font-family:Verdana, Helvetica, sans-serif;"><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">More than half (51%) had no idea how to update the anti-virus protection on their company PC.</span></span></span></li><li style=" margin-top: 0.5em; font-family:Verdana, Helvetica, sans-serif;"><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: medium;"><span class="Apple-style-span" style="font-family:georgia;">Five percent say they have accessed areas of their IT system they shouldn't have.</span></span></span></li></ul><div><br /></div><div><br /></div><div><br /></div><div>So what do you think about it?did you expect this? these statistics somehow change my view toward the employees and I think I won't be able to trust one anymore. Don't you agree with me? </div><div> </div></span></span></span></div><div> </div></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-75703281671146243832010-05-29T20:44:00.000-07:002010-05-29T22:29:52.916-07:00Popular Case of Terry Childs<div style="text-align: center;"><span class="Apple-style-span" style="color:#0000EE;"><u><br /></u></span></div><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7llIJvuezieMoq7tz6enHBuGBPDo__33cMF6X5j8y2NI8rgpSpBfCY_F1sczROlh4nuFDbmfGrg84m0iK1QMMAs0_V-ZZ0KO7jDNTGAJ2ouQpv9klw_FEErk1s94OvaW80ii532MqJhY/s1600/Terry+Childs.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 222px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7llIJvuezieMoq7tz6enHBuGBPDo__33cMF6X5j8y2NI8rgpSpBfCY_F1sczROlh4nuFDbmfGrg84m0iK1QMMAs0_V-ZZ0KO7jDNTGAJ2ouQpv9klw_FEErk1s94OvaW80ii532MqJhY/s320/Terry+Childs.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5476922794188758322" /></a><br /><div><br /></div><div><br /></div>One of the most controversial cases related to insider threats and computer crimes which occurred in recent year is the case of "Terry <span class="blsp-spelling-error" id="SPELLING_ERROR_0">Childs</span>".<div>In July 2008, Terry <span class="blsp-spelling-error" id="SPELLING_ERROR_1">Childs</span>, network administrator of city of San Fransisco was charged with computer crime in four counts and was arrested and held on 5 million U.S dollar.</div><div><br /></div><div style="text-align: center;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVDrZM7vABXh0YeOo6vmtwL7bfGcOyuMyCV7pTlLqOwkXVgCfw56z-8rZUYrFefU22O_S6tGfUoe49dezS5vz1Xf0gTKsfriaAjW6rU4CXs8NfvsBdwxGifsyOtci0-prOfuKPEdPCfdA/s320/terry.jpg" /></div><div><br /></div><div>The story of Terry <span class="blsp-spelling-error" id="SPELLING_ERROR_2">Childs</span> was not clearly revealed by authorities, however I found some information about terry's story in one article called "<span class="Apple-style-span" style=" color: rgb(20, 55, 86); font-weight: bold; line-height: 34px; font-family:Arial, Helvetica, Geneva, sans-serif;font-size:medium;">T</span><span class="Apple-style-span" style=" color: rgb(20, 55, 86); font-weight: bold; line-height: 34px; font-family:Arial, Helvetica, Geneva, sans-serif;font-size:medium;">he Story Behind San Francisco's Rogue Network Admin</span><span class="Apple-style-span" style=" color: rgb(20, 55, 86); font-weight: bold; line-height: 34px; font-family:Arial, Helvetica, Geneva, sans-serif;font-size:medium;">" </span>by"<span class="Apple-style-span" style=" color: rgb(20, 55, 86); font-weight: bold; font-family:Arial, Helvetica, Geneva, sans-serif;font-size:12px;"> Paul <span class="blsp-spelling-error" id="SPELLING_ERROR_3">Venezia</span>, <span class="blsp-spelling-error" id="SPELLING_ERROR_4">InfoWorld</span>" </span></div><div><span class="Apple-style-span" style=" color: rgb(20, 55, 86); font-weight: bold; font-family:Arial, Helvetica, Geneva, sans-serif;font-size:12px;"></span> <span class="Apple-style-span" style="font-size:small;"><a href="http://www.pcworld.com/businesscenter/article/148669-1/the_story_behind_san_franciscos_rogue_network_admin.html">http://www.pcworld.com/businesscenter/article/148669-1/the_story_behind_san_franciscos_rogue_network_admin.html</a></span></div><div><br /></div><div>It seems that Terry was very intelligent, knowledgeable man, who worked in the company's IT department for long time and worked as network engineer and it seems that he was very good in his job. In July 9, 2008, in very tense situation confronted by management, terry refused to hand over router password to Company (city) staffer. Three days later he was arrested.</div><div>exactly what happened was not officially revealed.</div><div><br /></div><div>Regardless that terry's crime had just or unjust excuse, it is consider as a obvious case of computer crime which is done by an employee, thus we can categorize it as a case of insider threat.</div><div>There are many information and opinion about Terry's case, moreover you can read about his court trials. </div><div>see also this website:</div><div><a href="http://www.infoworld.com/t/insider-threat/how-terry-childs-case-could-harm-password-security-802">http://www.infoworld.com/t/insider-threat/how-terry-childs-case-could-harm-password-security-802</a></div><div><br /></div><div><br /></div><div> </div><div><br /></div><div><span class="Apple-style-span" style="font-family:Arial, Helvetica, Geneva, sans-serif;color:#143756;"><span class="Apple-style-span" style="line-height: 34px; font-size:medium;"><b><br /></b></span></span></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-6414396757341373822010-05-25T20:58:00.000-07:002010-05-26T01:42:29.859-07:00Another video!!!<div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: left;"><br /></div><div style="text-align: left;">Here is another video in which theses IT guys explain about insider threats, why it requires immediate attention and what are the protective measures.</div><div style="text-align: left;"><br /></div><div style="text-align: left;">Enjoy!!!! </div><div style="text-align: center;"><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.blogger.com/video.g?token=AD6v5dxOOAAU_xDHMXHRsTP2d8GWCizata_pCWs8UxiqgqVPNA0XKOw6_ddAmkqoDIBieaQZe5Phdt0W8XwT1JHbDA' class='b-hbp-video b-uploaded' frameborder='0'></iframe></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-10763808540670417982010-05-19T20:29:00.000-07:002010-06-17T23:55:21.714-07:00Office Space<div style="text-align: center;"><span class="Apple-style-span" style="color:#0000EE;"><u><br /></u></span></div><div style="text-align: center;"><span class="Apple-style-span" style="color:#0000EE;"><u><br /></u></span></div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span><div style="text-align: center;"><span class="Apple-style-span" style="color:#0000EE;"><u><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></u></span></div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">Hello guys!!!!</span></span></span></span><div><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">In this post I want to recommend one interesting movie that I saw long time ago which is related to the topic of this blog, the name of this very very interesting movie is </span></span><b><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">"Office Space"</span></span></span></b></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvH_0gRb7j3zw42LTRmV07DKqA5jqm2BhxlwjF_pNIIjvUcsce3Feyhczfuz1E2s-ZESEl49LErZhdb1Wwwfe4Q_zCZJ8imHj6oKjwAuCWvpo8rrycqCQRyILPJZ01ZN2j2QxQU3KgZwE/s400/office.jpg" /></span></span></div><div style="text-align: left;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: left;"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:large;">T</span></span><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">he name of this movie refer to bad and depressing work condition of some employees of one company who work in small cubicles and hate their jobs.</span></span></div><div style="text-align: left;"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:large;"><br /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgURdY5tvJJrLKZkZK9VoCCoDRsNi7ls6OKz-Efle08iRlGh6V4WNC0SfDyYRaCB6-l-QFtTfKaIqwNWoaqVAwjwD9hxH0sC5cdlUezKhYHXV-iQCuam8XzbyNMoYIo9MRChsNniOVHRSM/s320/office-space-06_full1.jpg" /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: left;"><b><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;">"<span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size: large;">We have to space out all day, in other word we have to look at our computer which it seems that we are working but we are not, but the trying to be seen as a working employee require as much effort as the job itself</span></span>"</span></span></b><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size:large;"> Peter Gibbons commented about his job.</span></span></div><div style="text-align: left;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1_1Xgeegy5V37VimrYUhh7u3onXFFz-Sh0C27pps9LmDBmdhC54CBQuubARIiphehcJ6FzOrZEAMBlrNNlwmBNkG7EJ4dZuClSFJTh_Ro5wjtKh6IdSuVAC4DadRgNI_dxJXHoHq6P7Y/s400/imagesCABBPPKG.jpg" /></span></span></div><div style="text-align: left;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: left;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:large;">I really recommend the MBA students specially students with Human Resource speciality to see this movie, in which we clearly see why motivating employees is so important.</span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1b-gnNlix6ke_wxUEGOt8kIfBwgWNbq9aeanTLax0A67C5et8pa-x5Jm5OCnhX1nwqeF6XI7xr1B3AqK4j92_t-B8yF1E4LTJFU0AhrMD_M00M6JdSTbFVnLuXpShsC3CuOu_nZmXUGs/s320/OfficeSpaceMotivation.jpg" /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size: large;"><span class="Apple-style-span" style="font-family:'times new roman';">Anyway, in this movie Peter Gibbons, who believes that every day is the worst day of his life and also have some problem in his love life decide to seek professional help and go to see a psychiatrist. The shrink decide to hypnotise him, so he send Peter to a place that there is no concerns and worries, however the shrink have heart attack in middle of his work, and peter stays in his condition in which he doesn't worry about anything anymore, and creates funny and amazing consequences and make peter successful in his work.</span></span></div><div><span class="Apple-style-span" style="font-size: large;"><span class="Apple-style-span" style="font-family:'times new roman';"><br /></span></span></div><div><span class="Apple-style-span" style="font-size: large;"><span class="Apple-style-span" style="font-family:'times new roman';">The reason that I saw this movie as a good example of insider threat and </span></span><span class="blsp-spelling-error" id="SPELLING_ERROR_0"><span class="Apple-style-span" style="font-size: large;"><span class="Apple-style-span" style="font-family:'times new roman';">cyber</span></span></span><span class="Apple-style-span" style="font-size: large;"><span class="Apple-style-span" style="font-family:'times new roman';">crime is that the company in which Peter is working decides to layoff some of its employees. </span></span><span class="Apple-style-span" style="line-height: 17px; "><span class="Apple-style-span" style="font-size: large;"><span class="Apple-style-span" style="font-family:'times new roman';">When layoffs affect Peter's two best friends, they conspire to plant a virus that will embezzle money from the company into their account.</span></span></span></div><div><span class="Apple-style-span" style="line-height: 17px; "><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="line-height: 17px; "><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdgwoXuw89hhl_sWn53d4Td3zjwIeyRGuunvBHC2bIM8wFRqYWGR8tldKL72h7vQODNwpU5dlqkdB7KT-UTZUPtR7aL8pM6YnfvCKp3P56aD1J3qw0XFYBWCTiOtp_sdNZcbiPKuirjEY/s320/office-space-beatdown.jpg" /></span></span></span></div><div><span class="Apple-style-span" style="line-height: 17px; "><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></span></div><div><span class="Apple-style-span" style="line-height: 17px;"><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size: large;">This movie clearly shows a case of Insider threat in which unhappy employees decide to manipulate company's network by planting a virus and steal the company's money. </span></span></span></div><div><span class="Apple-style-span" style="line-height: 17px;"><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size: large;">Make sure to see this movie, it does really worth seeing.</span></span></span></div><div><span class="Apple-style-span" style="line-height: 17px;"><span class="Apple-style-span" style="font-family:'times new roman';"><span class="Apple-style-span" style="font-size: large;">here is the trailer of this movie, enjoy!!</span></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="line-height: 17px;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="line-height: 17px;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="line-height: 17px;"><br /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="line-height: 17px;"><br /></span></span></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.blogger.com/video.g?token=AD6v5dxDnVMYsEdUcY5_KGy4cYx85jQy2wCwvPoCXqsrNYa7RktibeX5rE92nj7VBYTg0Djdygn0ki3UOngHdo3feQ' class='b-hbp-video b-uploaded' frameborder='0'></iframe></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com1tag:blogger.com,1999:blog-1335815136422605215.post-10176085935843859892010-05-15T20:46:00.000-07:002010-05-15T22:12:27.509-07:00Global recession causing more security risk<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzkwjdFzIrdsEBf3MT_ml6Qtme_eyzB6LjBlFN6CxTPfHCh-vI1C5qVE5XTVtLRLGNzO9PzcIxiyNdvXXj3f2_GP9dIBLaNx4hMsn1jRU22rRUYxA5Yx9YplYMAwf8p5409aUJclHPLR0/s1600/insider+hacker.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 371px; height: 380px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzkwjdFzIrdsEBf3MT_ml6Qtme_eyzB6LjBlFN6CxTPfHCh-vI1C5qVE5XTVtLRLGNzO9PzcIxiyNdvXXj3f2_GP9dIBLaNx4hMsn1jRU22rRUYxA5Yx9YplYMAwf8p5409aUJclHPLR0/s400/insider+hacker.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5471731315207008258" /></a><br /><div><div><span class="Apple-style-span" style="font-family:Arial, Helvetica, sans-serif;font-size:130%;"><span class="Apple-style-span" style="line-height: 21px; font-size:14px;"><br /></span></span></div><div>Increasingly displaced and malicious employees are turning to <span class="blsp-spelling-error" id="SPELLING_ERROR_0">cyber</span> crime by trying to damage and exploit, steal information network which can cost a lot for the company, here we talk about billions of dollars guys!!!! do not <span class="blsp-spelling-corrected" id="SPELLING_ERROR_1">underestimate</span> it.</div><div>nowadays due to global recession companies' <span class="Apple-style-span" style=" line-height: 21px; font-family:Arial, Helvetica, sans-serif;font-size:14px;">vital <span class="blsp-spelling-error" id="SPELLING_ERROR_2">informations</span> are at greater risk than ever before.</span></div><div><span class="Apple-style-span" style=" line-height: 21px; font-family:Arial, Helvetica, sans-serif;font-size:14px;">based on an official report "Unsecured Economies: Protecting V</span><span class="Apple-style-span" style="line-height: 21px; font-size:14px;"><span class="Apple-style-span" style="font-family:georgia;">ital I</span></span><span class="Apple-style-span" style=" line-height: 21px; font-family:Arial, Helvetica, sans-serif;font-size:14px;"><span class="blsp-spelling-error" id="SPELLING_ERROR_3">nformation</span>" which was released at World Economic Forum shows the 42 percent increase in corporations' security risk and suggest that the biggest threat to sensitive information are insiders!!!!</span></div><div><span class="Apple-style-span" style=" line-height: 21px; font-family:Arial, Helvetica, sans-serif;font-size:14px;"><br /></span></div><div><span class="Apple-style-span" style=" line-height: 21px; font-family:Arial, Helvetica, sans-serif;font-size:14px;">here is another cases of insider threats that i found from (<span class="Apple-style-span" style=" line-height: normal; font-family:Georgia, serif;font-size:16px;"><a href="http://www.readwriteweb.com/archives/laid_off_employees_turning_to.php">http://www.readwriteweb.com/archives/laid_off_employees_turning_to.php</a>)</span></span></div><div><span class="Apple-style-span" style=" line-height: 21px; font-family:Arial, Helvetica, sans-serif;font-size:14px;"><span class="Apple-style-span" style=" line-height: normal; font-family:Georgia, serif;font-size:16px;"><br /></span></span></div><div><span class="Apple-style-span" style=" line-height: 21px; font-family:Arial, Helvetica, sans-serif;font-size:14px;"><span class="Apple-style-span" style=" line-height: normal; font-family:Georgia, serif;font-size:16px;"><br /></span></span></div><div><span class="Apple-style-span" style=" line-height: 21px; font-family:Arial, Helvetica, sans-serif;font-size:14px;"><span class="Apple-style-span" style=" line-height: normal; font-family:Georgia, serif;font-size:16px;"><br /></span></span></div><div><span class="Apple-style-span" style=" line-height: 21px; font-family:Arial, Helvetica, sans-serif;font-size:14px;"><span class="Apple-style-span" style=" line-height: normal; font-family:Georgia, serif;font-size:16px;">"<span class="Apple-style-span" style=" line-height: 21px; font-family:Arial, Helvetica, sans-serif;font-size:14px;">The most recent example can be found in disgruntled Fannie Mae engineer <a href="http://www.sophos.com/blogs/gc/g/2009/01/29/fannie-mae-employee-accused-planting-malware-timebomb/" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; text-decoration: none; outline-style: none; outline-width: initial; outline-color: initial; color: rgb(204, 0, 0); "><span class="blsp-spelling-error" id="SPELLING_ERROR_4">Rajendrashinh</span> <span class="blsp-spelling-error" id="SPELLING_ERROR_5">Makwana</span></a> who was indicted for allegedly planting a logic bomb in the mortgage lender's computer network. Fortunately, the embedded code was discovered by another engineer before it caused any damage, which would have been substantial. "Had the virus been released it would have caused millions of dollars of damage and reduced if not shut down operations for at least a week," said FBI Special Agent <a href="http://news.yahoo.com/s/ap/20090130/ap_on_bi_ge/fannie_mae_virus" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; text-decoration: none; outline-style: none; outline-width: initial; outline-color: initial; color: rgb(204, 0, 0); ">Jessica Nye</a>.</span></span></span></div><span class="Apple-style-span" style=" line-height: 21px; font-family:Arial, Helvetica, sans-serif;font-size:14px;"><p style="margin-top: 1em; margin-right: 0px; margin-bottom: 1em; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; text-align: left; ">According to some reports this breach may have been averted had Fannie Mae terminated <span class="blsp-spelling-error" id="SPELLING_ERROR_6">Makwana's</span> network access immediately after firing him.</p><p style="margin-top: 1em; margin-right: 0px; margin-bottom: 1em; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; text-align: left; ">Last year, Terry <span class="blsp-spelling-error" id="SPELLING_ERROR_7">Childs</span>, a San Francisco computer engineer was charged with <a href="http://blog.wired.com/27bstroke6/2008/07/sf-city-charged.html" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; text-decoration: none; outline-style: none; outline-width: initial; outline-color: initial; color: rgb(204, 0, 0); ">masterminding the hijacking</a> of the city's network when he allegedly refused to allow other administrators to get into the system; locking down law enforcement records and payroll documents.</p><p style="margin-top: 1em; margin-right: 0px; margin-bottom: 1em; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; text-align: left; ">In another 2008 incident, 21 year old <a href="http://www.sophos.com/blogs/gc/g/2009/01/14/exworker-planted-malware-crash-restaurant-systems/" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; text-decoration: none; outline-style: none; outline-width: initial; outline-color: initial; color: rgb(204, 0, 0); ">David Everett</a>, a tech support person at <a href="http://www.wandcorp.com/" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; text-decoration: none; outline-style: none; outline-width: initial; outline-color: initial; color: rgb(204, 0, 0); ">Wand Corporation</a>decided to turn to <span class="blsp-spelling-error" id="SPELLING_ERROR_8">cybercrime</span> to seek revenge on his former employer after he was laid off. Breaking into the network, Everett allegedly planted three malicious files on 1000 servers in an attempt to bring the system down. Although he did get into the system, he only managed to crash 25 computers before the company was informed of the attack by concerned customers. Earlier this year, Everett <a href="http://news.softpedia.com/news/Terminated-Employee-Hacked-His-Way-Back-In-102053.shtml" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; text-decoration: none; outline-style: none; outline-width: initial; outline-color: initial; color: rgb(204, 0, 0); ">pleaded guilty</a> to computer hacking charges and now faces 10 years in prison.</p><p style="margin-top: 1em; margin-right: 0px; margin-bottom: 1em; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; text-align: left; ">Clearly, corporations must begin to proactively protect themselves against insider <span class="blsp-spelling-error" id="SPELLING_ERROR_9">cybercrime</span>."</p></span></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-81478464589235587132010-05-11T21:53:00.000-07:002010-05-11T22:21:48.338-07:00Ways of malicious insider's attackhere is a video about the ways that malicious insider can harm the company's network. In this video we are also persented by possible protective measurs.<div><br /></div><div><br /></div><div><br /></div><div><br /></div><div style="text-align: center;"><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.blogger.com/video.g?token=AD6v5dyxz7vT1fomDahrPomHIo3qCDp19Le_iN63FPWTBPVYSIo99FaZiag9-A4CgSIDei25IcWH7Ia6pgmHf_SKTw' class='b-hbp-video b-uploaded' frameborder='0'></iframe></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-61734535177993578442010-05-05T02:33:00.000-07:002010-05-06T22:24:01.819-07:00Insider Threats e-book<div><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjt0tVIiQlMuy9f7t_EheYRXrab93oWoaM8DUkcMPp7yNLarBD1YQCEeruq67v35aRKA3b5UQz9LM-8T0ZV6Bv0q8up9oozzAaHPIjhMkZV0GE1S5OpRkjyN0T2c9jxsqwu9ihqsmxVTUA/s1600/Untitled.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 385px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjt0tVIiQlMuy9f7t_EheYRXrab93oWoaM8DUkcMPp7yNLarBD1YQCEeruq67v35aRKA3b5UQz9LM-8T0ZV6Bv0q8up9oozzAaHPIjhMkZV0GE1S5OpRkjyN0T2c9jxsqwu9ihqsmxVTUA/s400/Untitled.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5467717184617965186" /></a><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div>Here is very interesting book about insider threat. the whole book is available at:</div><div><a href="http://books.google.com.my/books?id=3tOVQwCaKikC&printsec=frontcover&dq=insider+threat&source=bl&ots=3uYD_E_Aay&sig=Zvjyohm-X-5ZVeJnBO20AHFSmkE&hl=en&ei=dy_hS6PvC4GmrQfV3pWoBw&sa=X&oi=book_result&ct=result&resnum=9&ved=0CDUQ6AEwCA#v=onepage&q&f=false">http://books.google.com.my/books?id=3tOVQwCaKikC&<span class="blsp-spelling-error" id="SPELLING_ERROR_0">printsec</span>=<span class="blsp-spelling-error" id="SPELLING_ERROR_1">frontcover</span>&<span class="blsp-spelling-error" id="SPELLING_ERROR_2">dq</span>=insider+threat&source=bl&<span class="blsp-spelling-error" id="SPELLING_ERROR_3">ots</span>=3<span class="blsp-spelling-error" id="SPELLING_ERROR_4">uYD</span>_E_<span class="blsp-spelling-error" id="SPELLING_ERROR_5">Aay</span>&<span class="blsp-spelling-error" id="SPELLING_ERROR_6">sig</span>=<span class="blsp-spelling-error" id="SPELLING_ERROR_7">Zvjyohm</span>-X-5<span class="blsp-spelling-error" id="SPELLING_ERROR_8">ZVeJnBO</span>20<span class="blsp-spelling-error" id="SPELLING_ERROR_9">AHFSmkE</span>&<span class="blsp-spelling-error" id="SPELLING_ERROR_10">hl</span>=en&<span class="blsp-spelling-error" id="SPELLING_ERROR_11">ei</span>=<span class="blsp-spelling-error" id="SPELLING_ERROR_12">dy</span>_<span class="blsp-spelling-error" id="SPELLING_ERROR_13">hS</span>6<span class="blsp-spelling-error" id="SPELLING_ERROR_14">PvC</span>4<span class="blsp-spelling-error" id="SPELLING_ERROR_15">GmrQfV</span>3<span class="blsp-spelling-error" id="SPELLING_ERROR_16">pWoBw</span>&<span class="blsp-spelling-error" id="SPELLING_ERROR_17">sa</span>=X&oi=book_result&ct=result&<span class="blsp-spelling-error" id="SPELLING_ERROR_18">resnum</span>=9&<span class="blsp-spelling-error" id="SPELLING_ERROR_19">ved</span>=0<span class="blsp-spelling-error" id="SPELLING_ERROR_20">CDUQ</span>6<span class="blsp-spelling-error" id="SPELLING_ERROR_21">AEwCA</span>#v=<span class="blsp-spelling-error" id="SPELLING_ERROR_22">onepage</span>&q&f=false</a></div><div><br /></div><div><br /></div><div>In this book authors have different view toward the insider threats and categorized them into four main group:</div><div><ul><li><span class="Apple-style-span" style="color:#FF6666;">Pure insider</span></li><li><span class="Apple-style-span" style="color:#FF6666;">Insider associate</span></li><li><span class="Apple-style-span" style="color:#FF6666;">Insider affiliate</span></li><li><span class="Apple-style-span" style="color:#FF6666;">Outside affiliate</span></li></ul></div><div><br /></div><div><ul><li>pure insider is the <span class="blsp-spelling-error" id="SPELLING_ERROR_23">person</span> who are employed by the company and have all access <span class="blsp-spelling-corrected" id="SPELLING_ERROR_24">associated</span> with it such as accessing to company's network. authors sees this group as the most important threat since they already have most of the access they need.</li></ul><div><br /></div><ul><li>On the other hand insider associates are people who employed by the company, but they do not have as many access as pure insider. for example cleaner.</li></ul><div><br /></div><ul><li>The third group is insider affiliate who are friend, spouse of employees or have some relation with them and use their credentials to gain access</li></ul></div><div><br /></div><div><ul><li>Outside affiliate are <span class="blsp-spelling-corrected" id="SPELLING_ERROR_25">unauthorized</span> persons who use open access to gain access to company's resources. this cases do not happen because they break into you company but because we left a door open for them. for example wireless network can act as open door for outsiders.</li></ul><div>as I mentioned in my previous post insider threat are <span class="blsp-spelling-corrected" id="SPELLING_ERROR_26">bigger</span> threats than outsider one. in this book authors agree with me and they mentioned these reason for it:</div><div><br /></div><div><ol><li>It is easier: it is obvious when insiders already have access to the network of the <span class="blsp-spelling-corrected" id="SPELLING_ERROR_27">organization</span> they can endanger company's security easier</li><li>most of the security devices and <span class="blsp-spelling-corrected" id="SPELLING_ERROR_28">soft wares</span> are implemented in order to stop external threats</li><li>There is high chance of success since employees have detailed information and access they need so success is almost guaranteed</li><li>since employees who have access don't break in, therefore the chance of getting caught are way lower than external one</li></ol></div><div><br /></div><div>Insider threats has been explained elaborately in this book and I <span class="blsp-spelling-corrected" id="SPELLING_ERROR_29">really</span> recommend you to read it .</div></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-34993929388969798252010-05-01T23:35:00.000-07:002010-05-03T23:34:59.747-07:00Always scrutinize your employeesAs I have mentioned in my previous posts, nowadays insider threats are more important than outsider ones, because it is generated from inside the company, it has many types, most of the time employees do it without bad intentions and because of lack of knowledge.<div>Human resource is a critical resource of a company and it has direct effect on company's profitability, for example by generating right culture and attribute to support strategic goals of the company the revenue of the company can be affected considerably.</div><div><br /></div><div>On the other hand employees can make loss for the company. What I am trying to say is that managers can take so much benefit from understanding human psychology and by scrutinizing their employees' psychology continuously,they will know in what psychological stage each of their employees are, what type of action they are capable of in those stages and on some necessary cases carry out the preventive action, in this way they can increase revenue of the company and prevent bad things that can cause losses for the company.</div><div>the process of scrutinizing employees takes so much time and money, but I believe it worth it compare to future losses that a company can incur on the future.</div><div><br /></div><div>I found another video clip in which speaker believes that the insider threats happens mainly because of pressures and circumstances that happen in the employee's life.</div><div><b><span class="Apple-style-span" style="color:#FF6666;">so monitor your employees closely!!</span></b></div><div><b><span class="Apple-style-span" style="color:#FF6666;"><br /></span></b></div><div><b><span class="Apple-style-span" style="color:#FF6666;"><br /></span></b></div><div><b><span class="Apple-style-span" style="color:#FF6666;"><br /></span></b></div><div><b><span class="Apple-style-span" style="color:#FF6666;"><br /></span></b></div><div><br /></div><div style="text-align: center;"><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.blogger.com/video.g?token=AD6v5dzVU4TJ3-CICwfyKPVNibgpmCS5-M_vnlShKgrhRU9AkxoFoIfFYOrwcJaCAanLFftjJPsuq1ltMgbc5CKJsw' class='b-hbp-video b-uploaded' frameborder='0'></iframe></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div><div style="text-align: center;"><br /></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-6444714441815299732010-04-28T20:44:00.000-07:002010-04-28T20:48:39.998-07:00Disclaimer<p class="MsoNormal" style="text-align: center;"><b><span style="line-height: 115%; "><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;"><br /></span></span></span></span></b></p><p class="MsoNormal" style="text-align: center;"><b><span style="line-height: 115%; "><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;">DISCLAIMER</span></span></span></span></b></p><p class="MsoNormal" style="text-align:justify"><span style="line-height: 115%; "><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">This weblog is created for the purposes of an MBA project for the subject BYL 7134, Cyberlaw. The materials posted on this weblog are for the purposes of the assignment as well as study and non-profit research. Appropriate acknowledgements to the materials that do not belong to the weblog owner have been publicly made. If you are the author or a copyright owner of any of the articles posted in this weblog and you object to such posting on any grounds, including copyright infringement, please contact me and I will take your material down. I state herein that I am relying on the doctrine of fair use. Thank you for supporting my blog.</span></span><o:p></o:p></span></p>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0tag:blogger.com,1999:blog-1335815136422605215.post-62937795454829787672010-04-27T20:53:00.000-07:002010-04-29T01:50:22.494-07:00Insider Threats Cases<div><br /></div><div><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5pCi4MAhjKTLuRVDObLVZZaHtNFSRByTclXDUbDlUEiFOeqKPBeZF1WO1frpTJouUUR9f5dbUVYg3aNDtkcpgVtfYn2IzE1d7St052r4UzI0oHGejjriu1h3GymgR-h6r04tMPM3Xzz4/s1600/computerblackandwhite.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 200px; height: 149px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5pCi4MAhjKTLuRVDObLVZZaHtNFSRByTclXDUbDlUEiFOeqKPBeZF1WO1frpTJouUUR9f5dbUVYg3aNDtkcpgVtfYn2IzE1d7St052r4UzI0oHGejjriu1h3GymgR-h6r04tMPM3Xzz4/s320/computerblackandwhite.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5465089453514163570" /></a><br /><blockquote></blockquote><div><br /></div><div><br /></div>In one very interesting article "<b>The Insider Threat to Information Systems</b><span class="Apple-style-span" style="font-size:small;"> The Psychology of the Dangerous Insider" by Eric Shaw, Ph.D., Keven G. Ruby, M.A. and Jerrold M. Post, M.D"</span><span class="Apple-style-span" style="font-size:medium;"> I found some summarized cases related to malicious kind of insider threats, in which they have been interestingly catagorized:</span><div><br /></div><div><span class="Apple-style-span" style="font-size:small;"><span class="Apple-style-span" style=" ;font-size:16px;"></span></span><div><b><span class="Apple-style-span" style="color:#FF6666;">Peopleware Problems</span></b></div><div><span class="Apple-style-span" style="font-size:small;">people who designed the systems, attack the systems, and understanding the psychology of information systems criminals is crucial to protecting those systems.</span></div><div><span class="Apple-style-span" style="font-size:medium;"><br /></span></div><div><span class="Apple-style-span" style="font-size:small;"><div><blockquote></blockquote><ul><li><span class="Apple-style-span" style="font-size:medium;"> A Management Information Systems (MIS) professional at a military facility learns she is going to be downsized. She decides to encrypt large parts of the organization’s database and hold it hostage. She contacts the systems administrator responsible for the database and offers to decode the data for $10,000 in “severance pay” and a promise of no prosecution. He agrees to her terms before consulting with proper authorities. Prosecutors reviewing the case determine that the administrator’s deal precludes them from pursuing charges.</span></li></ul><div><span class="Apple-style-span" style="font-size:medium;"><br /></span></div><div><div><ul><li><span class="Apple-style-span" style="font-size:medium;">At the regional headquarters of an international energy company, an MIS contractor effectively “captures” and closes off the UNIX-based telephonic switching system for the entire complex. Investigators discover that the contractor had been notified a week earlier that he was being terminated in part for chronic tardiness. Further investigation finds the employee to have two prior felony convictions and to be a member of a notorious hacker group under investigation by the FBI. The employee reports he is often up all night helping colleagues with their hacking techniques. Additional investigation reveals that he is the second convicted hacker hired at this site. An earlier case involved a former member of the Legion of Doom who had been serving as a member of a corporate information security team. He had been convicted of computer intrusion at a local phone company. Neither individual had disclosed their criminal history or had been subject to background checks sufficient to discover their past activities.</span></li></ul><div><br /></div><div><br /></div><div><br /></div><div><span class="Apple-style-span" style="font-size:medium;"><div><span class="Apple-style-span" style="color:#FF6666;"><b>Threats with Purpose of Ego Gratification</b></span></div></span></div></div></div><div><br /></div><div><div><ul><li><span class="Apple-style-span" style=" ;font-size:medium;">A senior MIS specialist at an international energy firm regularly created outages at Company sites around the world so that he could spend time abroad while gaining attention for his technical expertise.</span></li></ul></div><div><span class="Apple-style-span" style="font-size:medium;"><br /></span></div><div><ul><li><span class="Apple-style-span" style=" ;font-size:medium;"> Michael Lauffenberger, a 31-year old programmer for the General Dynamics Atlas Missile Program, reportedly felt unappreciated for his programming work on a parts-tracking system. He planted a “logic bomb” in the system designed to erase critical data after he resigned. He then anticipated returning to rescue the company as a highly paid and valued consultant.</span></li></ul><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><span class="Apple-style-span" style="font-size:medium;"><br /></span></div><div><span class="Apple-style-span" style="font-size:medium;"><b><span class="Apple-style-span" style="color:#FF6666;">Greedy Type</span></b></span></div></div></div><div><br /></div><div><div><ul><li><span class="Apple-style-span" style="font-size:medium;">Regional PC manager for the King Soopers supermarket chain Jay Beaman and two clerks were charged in an intricate computer fraud that cost the supermarket over two million dollars over two years. The motives are described by investigators as beginning with financial necessity but quickly escalating into greed and ego. Among the strategies used was manipulating the computer accounting system to funnel certain purchases into a dummy account. At the end of the day, the perpetrators would take the amount funneled into the dummy account right out of the cash registers and then delete the account, also erasing any trace of their fraud.</span></li></ul><div><span class="Apple-style-span" style="font-size:medium;"><br /></span></div><div><span class="Apple-style-span" style="font-size:medium;"><br /></span></div><div><span class="Apple-style-span" style="color:#FF6666;"><b><span class="Apple-style-span" style="font-size:medium;">Caused By poor screening measures</span></b></span></div><div><b><br /></b></div><div><b><div><ul><li><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal;"><span class="Apple-style-span" style="font-size:medium;">A major international energy company </span></span><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal;"><span class="Apple-style-span" style="font-size:medium;">recently discovered a logic bomb in software </span></span><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal;"><span class="Apple-style-span" style="font-size:medium;">created by a contracted employee. It was </span></span><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal;"><span class="Apple-style-span" style="font-size:medium;">installed as “job insurance” by the contracted </span></span><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal;"><span class="Apple-style-span" style="font-size:medium;">employee with five prior convictions related to</span></span><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal;"><span class="Apple-style-span" style="font-size:medium;">hacking. The contractor’s firm failed to screen </span></span><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal;"><span class="Apple-style-span" style="font-size:medium;">this employee who installed the code in anticipation </span></span><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal;"><span class="Apple-style-span" style="font-size:medium;">of using it as leverage against his employer in </span></span><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal;"><span class="Apple-style-span" style="font-size:medium;">case his criminal record was discovered.</span></span></div></div></div></div></div></div></div></div></div></li></ul><div><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><br /></span></div><div><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><br /></span></div><div><span class="Apple-style-span" style=" ;font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;">Ambiguous Motives</span></span></div><div><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div><ul><li><span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; ">Zhangyi Liu, a Chinese computer <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; ">programmer working as a subcontractor for <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; ">Litton/PRC Inc., illegally accessed sensitive Air <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; ">Force information on combat readiness. He also <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; ">copied passwords, which allow users to create, <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; ">change or delete any file on the network, and <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; ">posted them on the Internet.</div></span></div></div></b></span></div></span></div></div></b></span></div></span></div></div></b></span></div></span></div></div></b></span></div></span></div></div></b></span></div></span></div></div></b></span></div></span></div></div></b></span></li></ul><div><br /></div><div><br /></div><div><span class="Apple-style-span" style="color:#FF6666;"><br /></span></div><div><b><span class="Apple-style-span" style="color:#FF6666;">Former Employees Threats</span></b></div><div><br /></div><div><div><ul><li><span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">Donald Burleson, a computer programmer <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">for USPA & IRA Co., a Fort Worth <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">securities trading firm, designed a virus after <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">being reprimanded for storing personal letters on <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">his company computer. The virus was designed <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">to erase portions of the Company’s mainframe <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">and then repeat the process if a predetermined <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">value was not reset in a specific location. After <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">being fired, Burleson used a duplicate set of keys <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">to return to the facility at 3 a.m. and employ an <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">unauthorized backdoor password to reenter the <span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; ">system and execute the virus.</div></div></div></span></div></div></b></span></div></div></div></span></div></div></b></span></div></div></div></span></div></div></b></span></div></div></div></span></div></div></b></span></div></div></div></span></div></div></b></span></div></div></div></span></div></div></b></span></div></div></div></span></div></div></b></span></div></div></div></span></div></div></b></span></div></div></div></span></div></div></b></span></div></div></div></span></div></div></b></span></div></div></div></span></div></div></b></span></div></div></div></span></div></div></b></span></li></ul><div><br /></div><div><br /></div><div><br /></div><div><div><b><span class="Apple-style-span" style="color:#FF6666;">Foreign connections </span></b><span class="Apple-style-span" style=" ;font-size:small;"><b><div style="display: inline !important; "><div style="display: inline !important; "><span class="Apple-style-span" style="font-weight: normal; font-size:medium;"><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; "><div style="display: inline !important; "><b><span class="Apple-style-span" style="color:#FF6666;">of IT specialists</span></b> </div></div></div></div></div></span></div></div></b></span></div></div></div></div></div></span></div></div></b></div></div></div></div></span></div><div><br /><div><div><ul><li><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;">On the programming staff of Ellery Systems, a Boulder Colorado software firm working on advanced distributive computing software, was a Chinese national who transferred, via the Internet, the firms entire proprietary source code to another Chinese national working in the Denver area. The software was then transferred to a Chinese company, Beijing Machinery. Ellery Systems was subsequently driven to bankruptcy by foreign competition directly attributed to the loss of the source code.</span></span></li></ul><div><br /></div><div><br /></div><div><br /></div><div><span class="Apple-style-span" style="font-size:medium;">Best way to protect companies against insider threats is to get familiarized with their types.</span></div><div><span class="Apple-style-span" style="font-size:medium;">studying cases are the best way for this purpose. I'll try to find more cases to share with.</span></div><div><br /></div><div><br /></div><div><br /></div></div></div></div></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com3tag:blogger.com,1999:blog-1335815136422605215.post-27255944278742515512010-04-25T06:44:00.000-07:002010-04-27T20:53:29.732-07:00Data breach. Inside Job???<div style="text-align: center;"><u><span class="Apple-style-span" style="color:#0000EE;"><br /></span></u></div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br />That's right guys, insider threats are now hot stuff!! malicious and careless users are now considered bigger threat than external ones. I mean you can establish firewall, antivirus and anti spam programs to defend your system against external threats, but when you are dealing with internal threats, you don't know where and when its going to hit you. well, you can guess the malicious ones somehow. I mean when you see an employee who is angry at the corporation, it will give you heads up.</span></span><div><span class="Apple-style-span" style=" ;font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjq7NghUCJzRcijR_lRNF6YPHeyyvQLj6V0E9GYq7wkhYZivLKQvsKpvHenViGVuE1fWVJfUOoqFPCAW94wS2DackF4sU5570tZp_5_fKGuHphKUNIPWnwQMNMlM02zU2LDGd5JfaJNiQk/s320/hacker_businessman.jpg" /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="color:#FF6666;"><b>However, the careless ones are the bad one. they themselves even don't know that they are creating threat for the company, how you can know!!!!!!</b></span></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="color:#FF6666;"><br /></span></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;">for example in many companies employee write their user name and password on peace of paper and put it on the wall!!!!</span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;">I found a video clip of one seminar with topic of "Data Breach" which is quite interesting. In this clip we are presented with two cases of these careless employees. So again, don't underestimate them, they can cost a fortune for their company.</span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;">enjoy....<br /></span></span><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: center;"> <span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.blogger.com/video.g?token=AD6v5dw7Yoy6_tGTK3cS0JFZU6ajibECIbH3jwarfJbJYw6YwGU0AN6AbbwYLE8Wo5FEa4QibJPyu7MiqLxDfrBKBA' class='b-hbp-video b-uploaded' frameborder='0'></iframe></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family:georgia;"><br /></span></span></div></div></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com2tag:blogger.com,1999:blog-1335815136422605215.post-50268253372853508732010-04-24T00:51:00.000-07:002010-04-24T08:37:35.335-07:00Insider Carelessness = Big threat!!!!<div style="text-align: center;"><span class="Apple-style-span" style="color:#0000EE;"><u><br /></u></span></div><div style="text-align: center;"><span class="Apple-style-span" style="color:#0000EE;"><u><br /></u></span></div><br /><div><br /></div><div><br /></div><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNIN-L2Y3ZRh_7K0_PLBXwVgnxVnRk5kFC2_eEFJ0Hd3OrUAcmNVYj6fJgWwzHAvzysTI2z44QE5W14Q5EiDR3jJf-tEvTu3Dj7RvidXX7o1euzfWE9IzGAv0qwGr14xEYVgcTjCh7DuU/s1600/Crimes+Of+Carelessness1.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 200px; height: 134px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNIN-L2Y3ZRh_7K0_PLBXwVgnxVnRk5kFC2_eEFJ0Hd3OrUAcmNVYj6fJgWwzHAvzysTI2z44QE5W14Q5EiDR3jJf-tEvTu3Dj7RvidXX7o1euzfWE9IzGAv0qwGr14xEYVgcTjCh7DuU/s200/Crimes+Of+Carelessness1.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5463719787631375154" /></a><br /><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;"><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></div>In this post I've decided to share some information about one of the most important aspects of insider threats which is careless employees!! that's right, and it is big one!!!!!</span></span><div><span class="Apple-style-span" style="font-size:medium;"></span><span class="Apple-style-span" style="font-family:georgia;"><br /></span><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">Stefanie Hoffman in "</span></span><span class="Apple-style-span" style=" font-weight: bold; "><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">RSA: Insider Carelessness Cause Of Most Security Threats" </span><span class="Apple-style-span" style="font-weight: normal;"><span class="Apple-style-span" style="font-size:medium;">believes that </span><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><span class="Apple-style-span" style="font-size:medium;">the greatest threat to any workplace will likely to be from an insider and it will probably be an accident and based on a survey released from RSA, the security division of EMC, the </span><b><span class="Apple-style-span" style="font-size:medium;">biggest threats in a workplace are often unintentional</span></b><span class="Apple-style-span" style="font-size:medium;">, often resulting from carelessness or ignorance of individuals within the organization or company.</span></span></span></span></span></div><div><span class="Apple-style-span" style=" font-weight: bold; "><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-weight: normal;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><b><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;">"The bad guys are into fraud. They're very well funded, and they are extremely motivated to make money. You can reduce a lot of risk by taking away the innocent mistakes."</span></span></b></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><b><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;"><br /></span></span></b></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family:Arial, Helvetica, sans-serif;color:#FF6666;"><b><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9UZJOvvxgLuMaMAmhRTpvGi1xL_k4cD1IS06vtP4Jhn3ufRQFNxP1IqbBUuo74jS9etkw6o14bBk4rnnDp2R0PMISA3ANUh9_sNO5l8lXFjgmLFSpigle11ZpWR-8Hhyj2MoL3dl2jMQ/s200/SuperStock_1538R-28032.jpg" /></b></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><b><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;"><br /></span></span></b></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><b><span class="Apple-style-span" style="font-size:medium;"><br /></span></b></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><span class="Apple-style-span" style="font-size:medium;">Hoffman catagorized these innocent mistakes as bellow:</span></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><b><span class="Apple-style-span" style="font-size:medium;"><br /></span></b></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><b><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF0000;">1.</span> </span><span class="Apple-style-span" style="font-weight: normal; "><span class="Apple-style-span" style="font-size:medium;">Some of these innocent mistakes are committed by individuals who circumvent security regulations just to get their jobs done. In on other survey, 63 percent of employees said that they frequently or sometimes sent work documents to their personal e-mail address so they could complete their tasks at home, and more than half said that they have accessed their work e-mail</span><span class="Apple-style-span" style="font-size:medium;"> from a public computer</span></span></b></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><b><span class="Apple-style-span" style="font-weight: normal; "><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></b></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><b><span class="Apple-style-span" style="font-weight: normal; "><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF0000;">2.</span><span class="Apple-style-span" style="color:#FF6666;"> </span> trusting workers literally hold the door wide open for perpetrators. More than a third of respondents said they have opened a secured door for someone they didn't recognize at work, while 40 percent of workers said that someone else they didn't know let them into their building after they had forgotten their access card or key. And of the two-thirds of respondents that said their company provides a wireless </span><span class="Apple-style-span" style="font-size:medium;">network, 19 percent said that access was completely open, with no login </span><span class="Apple-style-span" style="font-size:medium;">credentials required.</span></span></b></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><b><span class="Apple-style-span" style="font-weight: normal; "><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></b></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><b><span class="Apple-style-span" style="font-weight: normal; "><span class="Apple-style-span" style="font-size:medium;"><b><span class="Apple-style-span" style="color:#FF6666;">"Massive damage is being done to brands. It can be devastating for a small company. If a law firm has had a breach, that can be devastating. They don't have to have 5,000 or more employees,"</span></b> </span><span class="Apple-style-span" style="font-size:small;">said Chris Clinton, RSA director of worldwide channels.</span></span></b></span></span></div><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><b><span class="Apple-style-span" style="font-weight: normal; "><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></b></span></span></div><div><span class="Apple-style-span"><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style=" ;font-family:Arial, Helvetica, sans-serif;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style=" ;font-size:12px;"><b><br /></b></span></span></span></span></span></div></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com1tag:blogger.com,1999:blog-1335815136422605215.post-84512108076629856332010-04-22T21:36:00.000-07:002010-04-28T22:19:58.127-07:00Be careful !!! They can be anywhere<div style="text-align: center;"><span class="Apple-style-span" style="color:#0000EE;"><u><br /></u></span></div><div style="text-align: center;"><span class="Apple-style-span" style="color:#0000EE;"><u><br /></u></span></div><div style="text-align: center;"><span class="Apple-style-span" style="color:#0000EE;"><u><br /></u></span></div><div style="text-align: center;"><span class="Apple-style-span" style="color:#0000EE;"><u><br /></u></span></div><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4viW4QtsmWc3zBP8AAM4-Une8uIItjjVdCWWYNB_TpObRIv0Z8zavi2zaNmdsBmOBB64CQhgis3eeKPaS7Z2lanhqFEWFhrX_GAsJ353DKFjPWcL4kn1njvMTg0J77PAe3Q6-rwF4EDQ/s1600/insider-threat.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 96px; height: 96px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4viW4QtsmWc3zBP8AAM4-Une8uIItjjVdCWWYNB_TpObRIv0Z8zavi2zaNmdsBmOBB64CQhgis3eeKPaS7Z2lanhqFEWFhrX_GAsJ353DKFjPWcL4kn1njvMTg0J77PAe3Q6-rwF4EDQ/s200/insider-threat.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5463204668982254082" /></a></div><br /><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="color:#FF0000;"><b><span class="Apple-style-span" style="font-size:medium;"><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="color:#FF0000;"><b><span class="Apple-style-span" style="font-size:medium;"><br /></span></b></span></span></div>"Companies need to make it clear to their employees from day one that they are being monitored," </span><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-weight: normal; font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style="font-size: small;"><span class="Apple-style-span" style="color:#FF9966;">Kerry Anderson,vice president, information security group, </span></span><span class="Apple-style-span" style="font-size: small;"><span class="Apple-style-span" style="color:#FF9966;">FMR</span></span><span class="Apple-style-span" style="font-size: small;"><span class="Apple-style-span" style="color:#FF9966;"> Corp</span></span><span class="Apple-style-span" style="font-size:small;">.</span></span></b></span></span><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="color:#FF0000;"><b><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-weight: normal; font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></b></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style="font-size:medium;">I found some interesting data about forms of insider threat that I am going to share in this post (<span class="Apple-style-span" style="font-family: arial, verdana, helvetica; font-size: 12px; ">21 Nov 2006 | SearchSecurity.com | By Bill Brenner, Senior News Writer)<span class="Apple-style-span" style="font-family: 'trebuchet MS', verdana, arial, helvetica; font-size: 16px; ">.</span></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="font-family: arial, verdana, helvetica; font-size: 12px; "><span class="Apple-style-span" style="font-family: 'trebuchet MS', verdana, arial, helvetica; font-size: 16px; "><br /></span></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;">Anderson, a vice president in the information security group at Fidelity Investments Brokerage Company, has seen a variety of troublesome insiders in her career. What are the types? here it is:</span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;">1</span>. There's the saboteur who tries to deface critical company data because they have an axe to grind against their bosses or fellow co-workers.</span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"> <img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJIAPcz1iV-XvK-I4zMD3eslq6R1k-8DjpM0lU25N1mRUkyRMusdpHFxooA6mDr3qf5-0wxMab7EoZe8Bmw5wW7t7hQUx3SK6oae40lqUiM-FZFqeCWfoBrqc1GA4TGqxwuS6My8vpx8A/s200/angry_eye.jpg" /></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><br /></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;">2</span>. Then there's the sole living expert -- someone who has been around so long they think they own the network. They want everyone to be dependent on them, so they manipulate the network in a way to make other employees come to them to access certain pieces of data or perform certain network functions.</span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;">3</span>. people who have what she calls the hero syndrome. They break something on the network so they can fix it and be seen as life savers.</span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><b><span class="Apple-style-span" style="font-size:medium;">"If something is breaking every three weeks and the same person is fixing it, I'd start taking a look at them,"</span></b><span class="Apple-style-span" style="font-size:medium;"> she said</span></span></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN3nUx8eMIfgFFXMIDMM-RXoBWMqSzmI6GTUCKihbRH043KnOtqsRpNbf4rSKAWxuSJcu7MNR_MRX8L3PFqV2gZUfytuT_OyEEW0UoW04PMuatLnTUwtwbsrqUoZ1ox3yYVyMM742JlfQ/s200/ist1_9738365-super-employee.jpg" /></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></div><div><span class="Apple-style-span" style="font-family:'trebuchet MS', verdana, arial, helvetica;"><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;">These threats can damage companies seriously, but don't worry, whatever the insider's tactics or motives may be, Anderson said there are some common warning signs to look for. check this out:</span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;">1.</span> someone who isn't getting along with managers or co-workers and may be preparing to leave the company. If someone is leaving under unhappy circumstances, there's always the chance they could sabotage network data on the way out the door, she said.</span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;">2.</span> Companies must also keep an eye on people who may start working hours when nobody else is around. Anyone who suddenly changes their normal work routine bears watching, Anderson said.</span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;">Also there are some preventives:</span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;">a.</span> "People need to understand that their computers are for business only and that they can be disciplined or even fired for using them for anything that isn't business related," Anderson said.</span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;">b</span>. IT security professionals also need to watch for personal technology that could put the company at risk, she said. Cell phones with embedded cameras, for example, could be used to photograph and transmit sensitive data.</span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></div><div><span class="Apple-style-span" style="font-family:arial, verdana, helvetica;font-size:100%;"><span class="Apple-style-span" style="font-size:12px;"><p><span class="Apple-style-span" style="font-size:medium;">While these are important steps, Anderson acknowledged that companies can't prevent every insider-related incident.</span></p><p><b><span class="Apple-style-span" style="font-size:medium;">"A lot of internal fraud goes unreported because it's embarrassing," she said.</span></b></p><p><b><span class="Apple-style-span" style="font-size:medium;">If there is a security breach, companies must be honest about it and come clean publicly</span></b><span class="Apple-style-span" style="font-size:medium;">, she said. Otherwise, the company's reputation and the security of their customers could take a bigger hit later. </span></p></span></span></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com3tag:blogger.com,1999:blog-1335815136422605215.post-70944851834415727602010-04-21T21:17:00.000-07:002010-04-28T21:16:24.480-07:00What/Who are Insider Threats?<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwEOh02h-42wjCtrqfy26BJg2XpOcdmpdgNggmAjVvqilsG-0NZmCmUdi6f6nVcTVbS94uJcpQNzmVLxHpx-OHsiG-wnmYh7nguussrnLfZhyIvTtpApsDUqArWuuj8-Gy29AZsn94QpM/s1600/images+inside.jpg"><span><span></span></span><span><span></span></span><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 115px; height: 73px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwEOh02h-42wjCtrqfy26BJg2XpOcdmpdgNggmAjVvqilsG-0NZmCmUdi6f6nVcTVbS94uJcpQNzmVLxHpx-OHsiG-wnmYh7nguussrnLfZhyIvTtpApsDUqArWuuj8-Gy29AZsn94QpM/s200/images+inside.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5462839646872243922" /></a><br /><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">That's right. Not all the threats come from outside the company!! Employees can also be important threats for company's network. In this blog I am going to share info<span><span></span></span>rmation about two kinds of insider threats (for definitions I also used <a href="http://searchsecurity.techtarget.com/">http://searchsecurity.techtarget.com</a> ):</span></span><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span><div><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="color:#FF6666;"><span class="Apple-style-span" style="font-size:medium;">1</span></span><span class="Apple-style-span" style="font-size:medium;">. M</span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">alicious hacker </span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;"> (also called a cracker </span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">or a black hat</span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">) who is an employee or officer of a business, institution, or agency. The term can also apply to an outside person who poses as an employee or officer by obtaining false credentials. The cracker obtains access to the computer systems or networks of the enterprise, and then conducts activities intended to cause harm to the enterprise.</span></span></div><span class="Apple-style-span" style=" ;font-family:arial, verdana, helvetica;font-size:13px;"><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">Insider threats are often disgruntled employees or ex-employees who believe that the business, institution, or agency has "done them wrong" and feel justified in gaining revenge. The malicious activity usually occurs in four steps or phases. First, the cracker gains entry to the system or network. Secondly, the cracker investigates the nature of the system or network in order to learn where the vulnerable points are and where the most damage can be caused with the least effort. Thirdly, the cracker sets up a workstation from which the nefarious activity can be conducted. Finally, the actual destructive activity takes place.</span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">The damage caused by an insider threat can take many forms, including the introduction of viruses</span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">, worms </span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">, or Trojan horses</span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">; the theft of information or corporate secrets; the theft of money; the corruption or deletion of data; the altering of data to produce inconvenience or false criminal evidence; and the theft of the identities of specific individuals in the enterprise. Protection against the insider threat involves measures similar to those recommended for Internet users, such as the use of multiple spware </span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">scanning programs,</span></span><term><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">anti-virus program</span></span></term><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">s, firewalls</span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">, and a rigorous data backup </span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">and archiving </span></span><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;">routine.</span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;"><br /></span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF0000;">2</span>. The other category that I am going to share information about is careless and untrained insiders which </span><span class="Apple-style-span" style="font-family:Arial, Verdana, Helvetica, sans-serif;"><span class="Apple-style-span" style="font-size:medium;">are duped or fall prey to social engineering type attacks.</span></span></span></p><p><span class="Apple-style-span" style="font-family:georgia;"><span class="Apple-style-span" style="font-family:Arial, Verdana, Helvetica, sans-serif;"><span class="Apple-style-span" style="font-size:medium;">Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization's risk to careless insiders.</span></span></span></p><p><span class="Apple-style-span" style="font-family:Arial, Verdana, Helvetica, sans-serif;"><br /></span></p></span></div><div style="text-align: center;"><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.blogger.com/video.g?token=AD6v5dwteE-0WgeM_aHFhJTw1RdM4_AJAjMXqElZltz9oWZJ8CKbIdorIYKpcqbGHdnvbYaVnelad4gz-2tLOU6nRA' class='b-hbp-video b-uploaded' frameborder='0'></iframe></div><div><br /></div><div><span class="Apple-style-span" style="font-size:medium;"><span class="Apple-style-span" style="color:#FF6666;">Check this out, the man can recognize the potentiality of being insder threat by just looking at their pictures!!!!</span></span></div>Amir Masoudhttp://www.blogger.com/profile/09950309355619420554noreply@blogger.com0