FCW : September 15, 2014
Insider threats

spot insider threats more quickly.

Charles Hessifer, a federal sales engineer at continuous monitoring firm Tenable Network Security, said the use of CDM tools on federal networks has increased markedly in recent years. “As the industry is moving forward and progressing, so are the requirements of the federal government,” he said. “They can no longer just sit there and potentially do one scan a month, one audit a month.”

CDM is meant to offer a holistic view of network vulnerabilities that covers external and internal security threats. One way it can help with insider threats is through the ability to isolate who has access to specific information on a network. The government has shown greater interest in gaining the ability to separate login privileges for various users since the Snowden disclosures, said Hessifer, whose clients include the Defense Information Systems Agency.

Preventing insider threats has “become more and more important and a greater focus to different organizations,” Hessifer said, adding that improvements in insider-threat prevention are mostly due to maturing technology rather than something new.

Log correlation engines, for example, have been around for a few years, but agencies have shown greater interest in the technology since the Snowden leaks, he said. The engines store and analyze logins and other user activity on thousands of network devices.

Tracking administrators

Snowden used his position as a systems administrator to persuade as many as 25 people working for NSA to give him their login credentials, Reuters reported in November. Experts say compartmentalizing the information to which systems administrators have access should be a priority in addressing insider threats.
“The fact that identity is treated as...a distributed responsibility [in some federal agencies makes it] very difficult to even know who the person was behind the role that you were giving them access to,” Ammon said. “So [systems administrators] would have an enormous amount of authority either to download an entire database or jump from network to network, and you really couldn’t trace it back to any single user.”

The ability to track systems administrators at agencies might be improving, however. Ammon said his firm’s prod-

18 steps to address insider threats

The CERT Division of Carnegie Mellon University’s Software Engineering Institute has a list of best practices for combating insider threats. It includes IT-specific and smart management recommendations:

1. Clearly document and consistently enforce policies and controls.
2. Incorporate insider threat awareness into periodic security training for all employees.
3. Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
4. Anticipate and manage negative issues in the work environment.
5. Know your assets.
6. Implement strict password and account management policies and practices.
7. Enforce separation of duties and least privilege.
8. Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
9. Institute stringent access controls and monitoring policies for privileged users.
10. Institutionalize system change controls.
11. Use a log correlation engine or security information and event management system to log, monitor and audit employee actions.
12. Monitor and control remote access from all endpoints, including mobile devices.
13. Develop a comprehensive employee termination procedure.