
UKUUG Spring 2009 Conference

24-26 March 2009 in London

Meeting the Insider Threat: How System Administrators can Protect Information Systems from Sabotage, Theft and Fraud

Abstract

The presentation is aimed at system administrators who need to understand and limit the threat from their own employees who inadvertently or maliciously compromise their organisation and its assets. Threats from insiders have been thought to cause 80% of all security breaches and, although the true figure is lower, the consequences of insider attack are often more serious than those of external attack, because of insiders' greater knowledge and access. The loss of 25 million personal records by Revenue and Customs in the UK is just the latest in a long line of privacy breaches caused by inadequate technical and procedural controls. The threat from organised crime is ever increasing as criminals discover it is easier and more profitable to bribe employees or get their own people inside organisations. A multidisciplinary approach is needed from both management and administrators to provide comprehensive protection from physical (electromagnetic radiation and tangible objects), logical (computer, networks, applications and data) and social (people and organisations) attacks. We have developed a three-layer security architecture containing the social, logical and physical layers that has been used to model the insider threat holistically.

Speaker biography

Clive Blackwell has developed a practical three-layer security architecture to model computer networks such as the Internet and other complex systems such as critical infrastructure. He is currently using the model to analyse the insider threat, which he demonstrates in his upcoming book "Meeting the Insider Threat: Protecting Organisations from Sabotage, Fraud and Theft", due to be published on 1 January 2009. He is a regular speaker at both academic and business conferences on security and has written several papers on the insider threat in different business domains. He recently gave a half-day master class at "The Malicious Exploitation of Information Systems: Preventing the Rise of the Insider Threat" Conference at University College, London. This also included many well-known speakers from the US, including CERT, the Software Engineering Institute at Carnegie-Mellon University, MITRE and the RAND Corporation, that have worked on the insider threat for many years (www.cert.org/insider_threat). The talk will have some similarity to the Common Sense Guide to Prevention and Detection of Insider Threats, but will be more relevant to a technical audience. He received an EPSRC award for his PhD in network security at Royal Holloway under the supervision of Professor Chris Mitchell. He holds a degree in Mathematics from Warwick University and in Computer Science from Royal Holloway, where he passed out top of his class, and an MSc in Information Security also from Royal Holloway. He is a researcher, but also runs his own IT security consultancy, Advanced Computer Services, so he is aware of the business issues as well.

Slides

The slides from this presentation are available in the following formats:


Page last modified 05 Apr 2009
Copyright © 1995-2009 UKUUG Ltd.