FCW : June 30, 2014
Insider threats pose unique cyber challenge

Sponsored Content

Mark Seward, Senior Director, Public Sector, Splunk Inc.

Q How are insider threats to government different from those in other sectors?

A The most important difference is motivation. While the motivations for insider threats in private industry might be financial gain or willful destruction, the biggest threat to government is the conscientious objector---someone who disagrees with an agency's policies and seeks to thwart them. The second biggest insider threat to government is financial; the government also has a lot of private data that could be breached for personal gain. And it can happen to any type of agency as every agency has data that's potentially valuable to private business or to individuals for financial gain or strategic advantage. An agency reviewing drug efficacy, for example, could be at risk of having advanced copies of test results stolen and distributed.

Q Should all agencies attack the insider threat problem in the same way?

A The way of attacking the problem is basically the same, but the groundwork is different, and it's critical. It's important to know what your agency has that is potentially valuable to an insider. To do that, you have to think through what kinds of data a malicious insider would want, along with potential motivators. From there, you can come up with 20 or 30 different kinds of IT risk scenarios that represent actions an insider might take. Only then can you start analyzing the right data and monitoring for the right anomalies in behavior and access.

Q What role does technology play in thwarting insider threats?

A Once you have your IT risk scenarios figured out, technology takes it the rest of the way. The key is big data---all of the data that agencies possess. This data comes from a variety of sources, both structured and unstructured. If you can collect and analyze this data while providing the context necessary to eliminate false positives and unintentional actions, you can more accurately identify possible insider threats.

You can better pinpoint and act on what constitutes a real insider threat by combining technology that you already have, such as data loss prevention (DLP) and security information and event management (SIEM), and then complement them with a big data technology that allows you to analyze log data, run statistical analysis and create visualizations.

Q Agencies have a lot of data. Isn't data collection complicated?

A Yes. But big data technology and automation can help. For comprehensive analysis, agencies need to analyze three levels of data. First is machine-generated data that IT collects every day---the credentialed activity of your users. The second level is all of the internal context inside of the agency---things like HR records, time management systems and browsing habits. The third level is other external content that may help you understand what's going on in that person's world, such as what countries they have been traveling to, whether their credit score has recently dropped significantly or whether they are starting their own company.

Q To what extent can the insider threat process be automated?

A Probably about 80 percent can be automated. The rest of it is about setting expectations and enforcing policy and procedures. The first step is developing the policies: what you are going to monitor, how you are going to monitor it, and what the rules are for employees on accessing and sharing information. Next, explicitly spell out and regularly remind people what those policies are. Third, train employees to know the potential signs of a malicious insider by explaining the different types of behaviors in hypothetical scenarios appropriate to your agency.

For more information and to download Splunk Enterprise for free, visit www.splunk.com/insiderthreat