FCW : June 15, 2015
Those minimum standards included, among others:

• The capability to gather, integrate, and centrally analyze and respond to key threat-related information.
• The ability to monitor employee use of classified networks.

That requires data on who in the organization is accessing what sources, when they are accessing them and how, and what they are doing with the information they are accessing. With all of that in hand, IT and security administrators can know if people are straying beyond their security privileges and, if necessary, build a case against them for potential action.

In September 2014, the Defense Department issued a directive to establish its own insider threat program, promising “an integrated capability to monitor and audit information for insider threat detection and mitigation.” It detailed just how extensive that information collection could be, since it said preventing insider threats requires the “integration and synchronization” of programs throughout the DOD, and the ability to monitor information across a wide swathe of sources, including counterintelligence, security, cybersecurity, and personnel management.

The good news is that organizations already have all the data they need for this. Network logs, email activity, new data sources such as social media, and even the physical comings and goings as people enter and leave buildings provide all the information required to establish insider threat monitoring and mitigation. As general IT security is strengthened, new applications and more complex sensors will constantly add to the number of data sources meaningful to cybersecurity.

The problem comes in how to turn this constant flood of unlike data into useful information that organizations can use to take action on insider threats, and do so in a timely way. That means not only being able to collect the information, but also maintain the who, what, when and where links so that the evidence trail is unbroken.
Typically, that comes down to being able to store, enrich and correlate information in a unified repository and provide a single access point for search and discovery capabilities. Only then can investigators or analysts link information together while keeping all of the pedigree, provenance and attributions that are already attached to the information.

That’s particularly important given the increasingly dynamic and complex threat scenarios organizations have to deal with. As they detect vulnerabilities and change security controls and policies to plug the gaps they find, insiders will find new and more innovative ways to get around the fixes and hide their activities, which require even more data sources and more complicated detection techniques. That generates even more, and more complex, information that has to be integrated.

Bringing all of this together in a way that gives an analyst a quick search and discovery capability, and an easy way to capture and maintain the relationships between all the various data and information, is what stumps most organizations today in building a defense against insider threats.

GETTING ACTIONABLE INFORMATION FROM A LOT OF DATA

The core of the problem lies not just in the amount of data that an organization collects, but in the kind of data that exists and the many different formats it can take. Combining and integrating that data is a big task in itself, but getting actionable information from it adds a whole other dimension.

The instances that might indicate an insider threat, sifted from the daily actions of the hundreds or thousands of individuals in an organization who are being tracked, are few. The data that is actionable and available is therefore always very small, and represents an extremely weak signal on top of a very noisy environment. Add the fact that data sources can change very quickly, and things get even more challenging.
Depending on the size and breadth of an organization, even the same kind of data may mean different things to different people, and can be used differently in an investigation. A financial regulator institution would have a different need for data on who did what and where and when they did it than, say, another kind of organization

SPECIAL REPORT: OBJECT-BASED INTELLIGENCE (Sponsored Content)