Accession Number:

ADA592421

Title:

Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase 2, Expanded Analysis and Recommendations

Descriptive Note:

Technical note

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Personal Author(s):

Report Date:

2014-01-01

Pagination or Media Count:

45.0

Abstract:

Throughout the third quarter of 2013, researchers in the CERT registered trademark Insider Threat Center, part of the Carnegie Mellon Software Engineering Institute, contacted commercial and government cloud service providers CSPs to better understand the administrative and technical risks posed by CSP insiders and the countermeasures that CSPs are considering and deploying to identify and mitigate insider attacks. Based on the insights obtained from participating CSPs, CERT researchers have examined how existing CSP insider threat management practices may be improved. Researchers also examined the CERT Divisions Insider Threat Assessment workbooks to identify some data types useful for CSP security information and event management SIEM systems, specifically for mitigating insider threats. A table listing those identified data sources may be of use for CSPs adding logging, analysis, and alerts to their SIEM systems. This report contains observations obtained from interview and survey responses of participating CSP personnel, considerations for improving insider threat mitigation processes, and current challenges within the CSP community as observed by the Insider Threat Center team.

Subject Categories:

  • Information Science
  • Computer Systems
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE