Accession Number:

AD1045006

Title:

Low Cost Technical Solutions to Jump Start an Insider Threat Program

Descriptive Note:

Technical Report

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States

Report Date:

2016-05-11

Pagination or Media Count:

37.0

Abstract:

Any information security initiative within an organization typically involves a set of tools to help the initiative succeed. These initiatives may be faced with tight budgets limiting funds that can be spent on hardware and software. Insider threat programs (InTP) are no different. These programs need to have tools that can be used to help combat the threat. Insider threat programs should consider five different classes of tools to help prevent, detect, and respond to malicious insiders. The minimum classes of tools that are needed for an effective program include the following: (1) user activity monitoring (UAM), (2) data loss prevention (DLP), (3) security information and event management (SIEM), (4) analytics, and (5) digital forensics. Commercial tools are available in all of these categories. However, they are typically geared toward large enterprises, with purchase prices and implementation costs that are out of reach for many smaller organizations. This creates a barrier and a deterrent for many organizations that need to implement an InTP.

Subject Categories:

  • Computer Systems Management and Standards
  • Sociology and Law

Distribution Statement:

APPROVED FOR PUBLIC RELEASE