Design Insider Threat Hands-on Labs

3. Related Work
Currently, there are various hands-on labs for information assurance concepts other than insider threat, such as network
security (Tao et al., 2010), secure programming (Chi et al., 2013), secure web programming, mobile security (Claycomb et al.,
2012), cloud security (Simmons et al., 2012) and applied security (Zeng, 2013). But it is hard to find even a few hands-on
training labs for insider threat and how to mitigate such threats. Real-world examples are everywhere, from Manning to Edward Snowden.
According to the September 2013 report of the Intelligence and National Security Alliance (INSA) Cyber Council Insider Threat
Task Force, insider threat programs have been formally established at the federal agency level. Executive
Order 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of
Classified Information, signed in 2011, and the National Insider Threat Policy and Minimum Standards for Executive Branch
Insider Threat Programs, signed in 2012, are two standard programs in force at federal agencies that handle classified information
(http://www.insaonline.org). INSA also found in its report that there are no standards, mandates or benchmarks in the
private sector for dealing effectively with insider threats. Much of the nation's technology infrastructure is held by private
companies, and private companies also partner with federal agencies to conduct very sensitive work. Insider threats in the private
sector can therefore be very damaging to the nation's well-being. The major finding of this report is that most companies have an
insider threat program that is only technology-related, relying on tools that monitor workstations or networks to detect
suspicious traffic activity. However, experts conclude that an effective insider threat program should cover technical and
non-technical indicators concerning the whole organization. The insider is a person, so there needs to be a program that detects
anomalous, suspicious, or concerning non-technical behavior, as well as technical tools to detect misuse, theft or destruction of
sensitive digital information. Another important finding in this report is that most companies have detection tools but only a few
mentioned prevention programs. This introduction gives a general view of the maturity of insider threat programs in both
the private and federal sectors. Based on hundreds of published real-world insider threat incidents, INSA has identified
the 13 Essential Elements (http://www.insaonline.org/insiderthreat). More hands-on labs can be set up based on those basic
elements.