Insider Threats in the Federal Agency: Endpoint Security and Human Analytics

Manning, Snowden, Wikileaks… Recent headlines have made the dangers of insider threats for federal agencies even more of a flashing red light than before. The risk of intentional data breaches is a critical problem, but certainly not the only one. The latest report from the Ponemon Institute, the 2013 Cost of Cyber Crime Study: United States, found that more than one third of all data security breaches at government agencies are caused accidentally by internal employees. Intentional or not, both are problematic.

Human error as insider threat

A study by the Privacy Rights Clearinghouse noted not long ago that government agencies have experienced a steady rise in data breaches caused by employees over the last four years. In addition, employee negligence caused over 150 breaches and the loss of more than 92.5 million records since January 2009.

NIST Cybersecurity Framework Needs More Focus on Collaboration and Finding Anomalies

Jason Fredrickson

A few days ago, I was delighted to see the National Institute of Standards and Technology (NIST) release its Preliminary Cybersecurity Framework for reducing cyber risks to critical infrastructure. And my first read-through was pretty positive: they cover a lot of material, and I think it will help organizations understand the full picture of security readiness. Their tiered approach, for instance, is sound, and I’ve seen it work successfully in other industries–e-discovery, for instance, has the EDRM Maturity Model, and software development has the CMMI. And I’m very pleased to see such attention paid to PII and privacy.

That said, however, I saw a few structural problems on my second review. The Framework has a lot of noise about security policies and procedures and not as much of a call-to-action on collaboration and threat intelligence-sharing as I would like. It lacks any mention of proactive forensics or proactive investigation. It contains a wealth of detail on rules and process for ensuring information security, but very little in the way of the means of, or requirements for, organizations to work together to fight the good fight. And it has a major hole in its attempt to categorize threat detection and response.

Border Wars: Incident Response vs. Forensic Investigation

Josh Beckett

In my day job, we often discuss security tools and the respective processes that generate the requirements that demand the use of such tools. Lately, we have been debating incident response tools and processes as contrasted with forensic investigation tools and processes.  Obviously, both have differing benefits that they bring to the general discipline of security.  They also have differing requirements in terms of the tool sets that they require to execute those processes.

To me, the boundaries between forensic investigation and incident response have always been rather clear.  Maybe slightly fuzzy at the exact interface between them, but not a huge gaping canyon of a zone of uncertainty.  However, lately, I'm starting to believe that out there in the rest of the community it may not be so clear.  I could be wrong...it wouldn't be the first time and I'm sure it won't be the last, especially if you ask some of my close friends.