networked information systems
the insider threat (continued)
Insiders generally can be categorized into three groups: employees with continuing authorized access to the systems; people such as contractors, consultants, and temporary employees with limited or intermittent authorized access to the systems; and people legitimately in the area who do not have authorized access to the systems, such as cleaning personnel and utility repairmen. The "trusted" status afforded insiders, combined with the difficulty of implementing the close monitoring required to detect such activity, makes the detection of insiders difficult.
Examples of recent insider assisted incidents include the laundering of billions of dollars through the Bank of New York by Russian organized crime. Another example is the loss of large volumes of protected information from Department of Energy laboratories. In another insider incident, an employee at Forbes illegally accessed Forbes's computer systems by using another employee's access information. He erased or disrupted the data from more than half of the company's network servers. Forbes was unable to restore the data and reportedly lost more than $100,000.
Although disgruntled users, adept hackers, poor programming, equipment failures, and natural disasters are the primary denial-of-service threats to government and commercial systems, inexperienced legitimate users can also endanger networks by using easily deciphered or "default" passwords and by sharing passwords or writing them down in obvious places. They may also leave connections open or endanger a system by introducing unauthorized software -- such as screen savers, games, and other files -- that could contain trap doors, viruses, or other malicious code. In addition, with little or no understanding of the secondary impact their actions may have on network security, self-styled computer experts can be even more destructive by using their limited knowledge to alter system configurations or run programs not approved for the network.
protecting information systems
information assurance and security
The foundation for securing information on the networks begins with two simple principles: information assurance and information security (INFOSEC). Information assurance refers to the activities taken to protect and defend information by ensuring its availability, confidentiality, integrity, authentication, and non-repudiation. These activities include procedures that are designed to protect networks. Information assurance efforts include the application of firewalls, intrusion detection systems, and system monitoring tools.
INFOSEC refers to the measures and controls that safeguard information systems from unauthorized disclosure, modification, or destruction. INFOSEC includes routine reviews of system audit logs, strict enforcement of user privileges, and timely reporting of newly found system vulnerabilities.
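The routine audit-log review described above can be made concrete with a small script. The following is an added example, not part of the original booklet: it assumes a simple constructed log line format (`<timestamp> <event> user=<name> src=<host>`), constructed sample lines, and a hypothetical table of authorized access hours for limited-access accounts. It flags two insider indicators drawn from the booklet: one account logging in successfully from two different hosts within a short window (a sign of shared or misappropriated credentials, as in the Forbes case) and a limited-access account, such as a contractor's, logging in outside its authorized hours (a privilege-enforcement check).

```python
"""Audit-log review for insider-misuse indicators (added example).

Assumed log line format (constructed for this example):
    <ISO timestamp> <event> user=<name> src=<host>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit-log lines; not real data.
SAMPLE_LOG = """\
2024-03-04T08:01:12 LOGIN_OK user=jsmith src=ws-114
2024-03-04T08:03:40 LOGIN_OK user=agarcia src=ws-207
2024-03-04T08:05:09 LOGIN_OK user=jsmith src=ws-331
2024-03-04T08:30:00 LOGIN_FAIL user=rlee src=ws-050
2024-03-04T09:15:22 LOGIN_OK user=agarcia src=ws-207
2024-03-04T17:45:00 LOGIN_OK user=agarcia src=ws-207
2024-03-04T19:02:11 LOGIN_OK user=rlee src=ws-050
"""

# Hypothetical authorized hours (start_hour, end_hour) for accounts with
# limited or intermittent access, e.g. contractors. Accounts not listed
# here are assumed to have continuing access and are not time-checked.
ACCESS_WINDOWS = {"rlee": (7, 18)}

# Two successful logins from different hosts closer together than this
# are treated as an indicator of credential sharing or misuse.
SHARED_USE_WINDOW = timedelta(minutes=30)


def parse_line(line):
    """Return (timestamp, event, user, src) for one audit-log line."""
    ts, event, user_kv, src_kv = line.split()
    return (datetime.fromisoformat(ts), event,
            user_kv.split("=", 1)[1], src_kv.split("=", 1)[1])


def parse_log(text):
    """Parse all non-empty lines of an audit log into records."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_shared_credential_use(records, window=SHARED_USE_WINDOW):
    """Flag (user, earlier_host, later_host, earlier_ts, later_ts) where one
    account logs in successfully from two different hosts within `window`."""
    seen_ok = defaultdict(list)   # user -> [(timestamp, src), ...]
    findings = []
    for ts, event, user, src in sorted(records):
        if event != "LOGIN_OK":
            continue
        for prev_ts, prev_src in seen_ok[user]:
            if prev_src != src and ts - prev_ts <= window:
                findings.append((user, prev_src, src, prev_ts, ts))
        seen_ok[user].append((ts, src))
    return findings


def find_off_hours_access(records, windows=ACCESS_WINDOWS):
    """Flag (user, timestamp) for successful logins by limited-access
    accounts outside their authorized hours."""
    findings = []
    for ts, event, user, _src in sorted(records):
        if event != "LOGIN_OK" or user not in windows:
            continue
        start, end = windows[user]
        if not (start <= ts.hour < end):
            findings.append((user, ts))
    return findings


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for user, h1, h2, t1, t2 in find_shared_credential_use(recs):
        print(f"possible shared credential: {user} from {h1} at {t1} "
              f"and {h2} at {t2}")
    for user, ts in find_off_hours_access(recs):
        print(f"off-hours access by limited-access account {user} at {ts}")
```

On the constructed sample, the first check flags `jsmith` (logins from `ws-114` and `ws-331` four minutes apart) and the second flags `rlee` (a contractor-style account logging in at 19:02 against a 07:00 to 18:00 window). Real audit formats differ, so only the two `find_*` checks carry over; the parser is specific to the constructed format.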
