Insider Threat
Mr. Johnson has over 20 years experience in IT automation, monitoring and management. He started TDI in 1991 to deliver IT Foundation Management, a different method of managing the IT Datacenter. With changes in IT technology, it has elevated the level of play for the Insider Threat, Regulatory compliance and Security best practices. Bill has led numerous discussions, round tables and has been listed as an Industry Thought Leader by the SANS Institute. He has an Electrical Engineering Degree from the University of Louisville.
Today's Information Systems (IS) provide enormous leverage and access to vast amounts of sensitive, unclassified, and classified mission critical data. The potential for abuse is obvious. "The great majority of past compromises have involved insider, cleared persons with authorized access that could circumvent physical security barriers, not outsiders breaking into secure areas."
Insiders can be employees, contractors, service providers, or anyone with legitimate access to a system. All insiders have some degree of physical or administrative access to IS. The greater the individual's knowledge of and access to the system, the greater the potential threat from that person - with individuals having privileged access posing the greatest potential threat.
Using System Administrator (SA)-assigned or surreptitiously acquired computer access privileges, insiders have the capability to compromise, modify, or destroy information stored on the system, as well as the ability to inhibit its access to others. The insider is often self-motivated, knows the security of the system, and raises no alarm by his/her presence. For these reasons, if insiders volunteer their services to, or are recruited by, a foreign intelligence service, they can provide not only systems output such as printouts or magnetic media, but also specific information about the system. Insiders can also be co-opted or coerced to assist terrorists, drug traffickers, or other criminal elements or may be sympathetic to the goals of any of a broad array of nonstate actors.
This presentation will cover what has been done to thwart “insiders” but also what has been overlooked - in other words, we can’t see the forest for the trees.
Much like the BP Gulf Oil Spill - BP's Chief executive Tony Hayward told The Financial Times it was "an entirely fair criticism" to say the company had not been fully prepared for a deepwater oil leak. Hayward called it "low-probability, high-impact" accident. He also said “What is undoubtedly true is that we did not have the tools you would want in your tool-kit"
Question is - What do you say when you didn’t have the tools in your toolbox to deal with a "Low Probability, High Risk" breach to your business. Come participate in what will surely be a lively discussion.
