Accession Number:

ADA441249

Title:

Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector

Descriptive Note:

Final rept.

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Personal Author(s):

• Randazzo, Marisa R.
• Keeney, Michelle
• Kowalski, Eileen
• Cappelli, Dawn
• Moore, Andrew

Report Date:

2005-06-01

Pagination or Media Count:

36.0

Abstract:

Current and former employees, contractors, and other organizational insiders pose a substantial threat by virtue of their knowledge of and access to their employers systems andor databases and their ability to bypass existing physical and electronic security measures through legitimate means. Previous efforts to study insider incidents have focused on narrow areas of industry and have not examined the incidents from both behavioral and technical perspectives simultaneously. These gaps in the literature have made it difficult for organizations to develop a comprehensive understanding of the insider threat and address the issue from an approach that draws on human resources, corporate security, and information security perspectives. The Secret Service National Threat Assessment Center and the CERT Coordination Center of Carnegie Mellon Universitys Software Engineering Institute joined efforts to conduct a unique study of insider incidents, the Insider Threat Study ITS, examining actual cases identified through public reporting or as a computer fraud case investigated by the Secret Service. Each case was analyzed from a behavioral and a technical perspective to identify behaviors and communications in which the insiders engaged -- both online and offline -- prior to and including the insiders harmful activities. The research focused on the following major topic areas components of the incident, detection of the incident and identification of the insider, pre-incident planning and communication, nature of harm to the organization, law enforcement and organizational response, characteristics of the insider and the organization, insider background and history, and insider technical expertise and interests. Section 1 of this report presents an overview of the ITS, including its background, scope, and study methods. Section 2 reports the findings and implications specific to research conducted on insider threat cases in the banking and finance sector.

Descriptors:

• *BANKING
• *DATA PROCESSING SECURITY
• *THREAT EVALUATION
• *PERSONNEL
• *FINANCE
• *CRIMINAL INVESTIGATIONS
• *CRIMES
• DATA BASES
• SOFTWARE ENGINEERING
• SURVIVABILITY
• COMPUTER NETWORKS
• INFORMATION SECURITY
• CYBERTERRORISM
• RISK MANAGEMENT
• LAW ENFORCEMENT
• BEHAVIOR
• CASE STUDIES
• CONTRACTORS
• INFORMATION SYSTEMS
• INDUSTRIES
• CORPORATIONS

Subject Categories:

• Economics and Cost Analysis
• Sociology and Law
• Personnel Management and Labor Relations
• Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE