Sunday, May 28, 2017

Insider Threat - Week 11


You can install all the firewalls you want, use the most advanced and up-to-date antivirus software there is, but one thing remains constant. The insider threat is very real. And it is sometimes the most difficult threat to your information systems to detect. Ask Bradley Manning or Edward Snowden how real the insider threat is. There are ways to reduce the insider threat. One way is for an organization to routinely review what type of access to which systems each employee maintains. Then determine if that access is necessary for the position they are filling. If the answer is no, remove that access. The organization should also maintain a meticulous log of what accesses, and by what means, each employee has. Other employees should be aware of their surroundings. If an employee all of a sudden doesn’t like what the organization is doing, they could be a threat to that organization’s information systems as an insider.

Another step an organization can take is to routinely check the activity logs that record employee access to the various systems. If an employee is becoming disgruntled, it wouldn’t take much for them to install some type of software that could still give them access to the organization’s information systems if they are terminated. The activity logs could show this.

While there is no way an organization can completely eliminate an insider threat, there are steps they can take to minimize the threat of an insider attack.
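The access review and the activity-log check described in this post can be scripted. The sketch below is an added example, not part of the original post; the roles, employees, systems, dates, and log format are all constructed for illustration.

```python
from datetime import date

# Constructed sample data (hypothetical names, systems, and dates).
ROLE_NEEDS = {
    "accountant": {"payroll", "email"},
    "developer": {"source-repo", "email"},
}
EMPLOYEES = {
    "alice": {"role": "accountant", "terminated": None},
    "bob": {"role": "developer", "terminated": date(2017, 5, 19)},
}
# Access log: who holds which access, and by what means.
GRANTS = [
    ("alice", "payroll", "badge+password"),
    ("alice", "source-repo", "vpn"),
    ("bob", "source-repo", "ssh-key"),
    ("bob", "email", "password"),
]
# Activity log lines in the assumed form "date user system action".
ACTIVITY = """\
2017-05-18 bob source-repo login
2017-05-22 bob source-repo login
2017-05-22 alice payroll login
2017-05-23 alice source-repo login
"""

def excess_grants():
    """Grants the employee's current position does not require."""
    out = []
    for user, system, means in GRANTS:
        emp = EMPLOYEES[user]
        if emp["terminated"] or system not in ROLE_NEEDS[emp["role"]]:
            out.append((user, system, means))
    return out

def suspicious_activity():
    """Activity after termination, or on a system the role does not need."""
    hits = []
    for line in ACTIVITY.splitlines():
        day, user, system, _action = line.split()
        emp = EMPLOYEES[user]
        if emp["terminated"] and date.fromisoformat(day) > emp["terminated"]:
            hits.append((day, user, system, "after termination"))
        elif system not in ROLE_NEEDS[emp["role"]]:
            hits.append((day, user, system, "outside role"))
    return hits

if __name__ == "__main__":
    for row in excess_grants() + suspicious_activity():
        print(row)
```

The first function lists access to remove; the second surfaces the kind of post-termination login the activity logs could show.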

Sunday, May 21, 2017

Intrusion Detection - Week 10


Information systems intrusion detection. Who uses it? Pretty much anyone using a firewall or antivirus software. Intrusion detection works a few different ways. One way is network-based intrusion detection. This type of intrusion detection system would be placed at different points within a network to monitor traffic between devices on the network. Another type is host-based intrusion detection. Host-based detection runs on individual devices within a network. Signature-based intrusion detection is another type. This type of intrusion detection looks for specific signatures traveling over the network, such as viruses, trojan horses, or worms. Another type of intrusion detection is anomaly-based intrusion detection. This detection method watches the traffic that normally crosses a network and establishes a baseline. Once the baseline is established, it watches for anomalies, meaning traffic that is out of the ordinary compared with that baseline.
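To make the difference between signature-based and anomaly-based detection concrete, here is an added example that is not part of the original post. The signature patterns, host names, and traffic figures are constructed, and the three-standard-deviation threshold is an assumption.

```python
from statistics import mean, stdev

# Constructed signatures (hypothetical byte patterns, not real malware markers).
SIGNATURES = {"EXAMPLE-WORM": b"WORM_MARKER", "EXAMPLE-TROJAN": b"TROJAN_MARKER"}

# Constructed training data: bytes per minute seen from each host.
HISTORY = {"ws-01": [1000, 1100, 950, 1050, 1000]}

def signature_alerts(payload: bytes):
    """Signature-based: names of known patterns found in the payload."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in payload)

class AnomalyDetector:
    """Anomaly-based: learn a per-host baseline, then flag deviations."""

    def __init__(self, threshold=3.0):
        self.threshold = threshold  # assumed cut-off, in standard deviations
        self.baseline = {}          # host -> (mean, stdev) of bytes per minute

    def train(self, history):
        for host, samples in history.items():
            self.baseline[host] = (mean(samples), stdev(samples))

    def is_anomalous(self, host, observed):
        if host not in self.baseline:
            return True  # a host never seen while the baseline was built
        mu, sigma = self.baseline[host]
        if sigma == 0:
            return observed != mu
        return abs(observed - mu) / sigma > self.threshold

if __name__ == "__main__":
    det = AnomalyDetector()
    det.train(HISTORY)
    # A known pattern is caught by signature even at normal volume.
    print(signature_alerts(b"GET / HTTP/1.1 WORM_MARKER"), det.is_anomalous("ws-01", 1080))
    # Unknown content has no signature, but the volume breaks the baseline.
    print(signature_alerts(b"unrecognized bulk transfer"), det.is_anomalous("ws-01", 50000))
```

The two methods fail in opposite ways: signatures miss anything not already catalogued, while the baseline says nothing about a known pattern sent at normal volume.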

Intrusion detection systems are able to keep a log on the system to alert system administrators when an intrusion has been detected. They can also be set to generate a pop-up window to alert that an intrusion was detected.

Intrusion detection is just another tool to keep information safe within a network and when it is being transmitted.

Sunday, May 14, 2017

Controlling Risk - Week 9


Last week we talked about Risk Management. Controlling Risk is the goal, whether that is identifying the risk and then determining if that risk is preventable, determining how to prevent it, or determining whether what it would take to prevent that risk would cost more than paying for the risk. There are several methods to determine if the risk is worth taking or not.

One of these methods is cost benefit analysis. This looks at the annualized rate of occurrence, or how many times this risk is expected to happen in a year, and the annualized loss expectancy, or how much an organization expects to lose over a year due to this risk. There are also controls that can be put into place, such as new safeguards, new software, new hardware, etc. This is all figured from the cost to the organization pre-control and the cost to the organization post-control. Many times the control will reduce the annualized loss expectancy enough to make the cost of the control worth it. Other times, the annualized loss expectancy is not reduced that much post-control, and the cost of the control is too much. Using the control would actually cost the company more than absorbing the cost of the risk.
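The comparison can be worked through in a few lines. This is an added example, not part of the original post: it assumes the usual textbook relations (annualized loss expectancy = loss per occurrence × annualized rate of occurrence, and net benefit = pre-control ALE − post-control ALE − annual cost of the control), and every figure and control name is constructed.

```python
from dataclasses import dataclass

@dataclass
class Control:
    name: str
    annual_cost: float  # yearly cost of buying and running the control
    aro_after: float    # expected occurrences per year with the control
    sle_after: float    # loss per occurrence with the control

def ale(sle, aro):
    """Annualized loss expectancy: loss per occurrence x occurrences/year."""
    return sle * aro

def evaluate(sle_before, aro_before, controls):
    """Return (name, net_benefit, decision) per control, best first."""
    ale_pre = ale(sle_before, aro_before)
    rows = []
    for c in controls:
        ale_post = ale(c.sle_after, c.aro_after)
        # Positive: the control saves more than it costs.
        # Negative: absorbing the risk is cheaper than the control.
        net = ale_pre - ale_post - c.annual_cost
        rows.append((c.name, net, "apply control" if net > 0 else "absorb risk"))
    return sorted(rows, key=lambda r: r[1], reverse=True)

# Constructed figures: a risk costing 10,000 per occurrence, 4 times a year.
CANDIDATES = [
    Control("email filtering", 8_000, 1.0, 10_000),
    Control("full network redesign", 60_000, 0.5, 10_000),
]

if __name__ == "__main__":
    for name, net, decision in evaluate(10_000, 4.0, CANDIDATES):
        print(f"{name}: net benefit {net:,.0f} -> {decision}")
```

The second candidate reduces the loss expectancy the most, yet it is the one to reject, which is the case the post describes where the control costs more than the risk.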

It is up to the organization to determine if it is worth using a control or not.

Sunday, May 7, 2017

Risk Management - Week 8


Risk management is something we do every day. When I get up in the morning, do I stand still and let the dogs get around me, or do I continue down the hall to let them out, knowing at some point they’re going to blow through me and potentially take my legs out from under me? Driving to work, do I have enough time to make a right on red or do I need to wait for this car to go past first?

Now apply this to information security. There is risk management involved there, too. The way technology keeps improving, we need to keep on top of risk management. As technology improves for the good guys, it also improves for the hackers. Also, as technology improves, newer parts coming out could have bugs in them that will need to be fixed. Staying on top of that is part of risk management. As the technology improves, when does the older equipment become obsolete? What kind of vulnerabilities are there in the older software or hardware that can be taken advantage of?

Risk management is sometimes a balancing act between staying within a budget and updating to newer software or hardware to alleviate these vulnerabilities. It is weighing the vulnerabilities and then racking and stacking to determine which are the most important ones to take care of first.