Information Security Education Journal Volume 2 Number 1 June 2015
• Train about the effective application of workstation and network security mechanisms.
• Internalize and learn concepts that can be applied in real-world scenarios of information technology sabotage, insider fraud and IP theft.
Information technology sabotage is the type of crime committed by a former or current employee, contractor, or business partner who has authorized access to the organization’s data, systems or networks. The crime is committed when the insider misuses or exceeds the level of access to these assets with the intention to harm a specific individual or the organization’s data, reputation, or systems, or to disrupt daily business operations. An overview of the module is presented in Figure 2.
Theft of intellectual property, according to the CERT Insider Threat Center, is the most damaging and causes the greatest financial losses to organizations suffering from these attacks. In one case from the CERT insider threat database, an attack in which a secret document was stolen cost the victim company almost $1 billion in R&D costs. Theft of intellectual property is defined as an individual's use of information technology to steal intellectual property from an organization. This includes industrial espionage, where an insider steals secret formulas, patents, or documents to take to their next company or to a competitor. In 10 years of investigation CERT has classified insiders who commit IP theft as male in 94% of the cases, scientists/engineers in 44%, and programmers in 10% of the cases.
This module attempts to train and teach the player the following concepts:
• Learn about IP theft attack vectors, the consequences of these attacks and the vulnerabilities exploited by the attackers.
• Understand the common attack pattern of IP theft attacks and the creation of policies to counteract these attacks.
• Train about the effective application of workstation and network security mechanisms.
The CyberCIEGE SDK, the Scenario Development Tool (SDT) and the Scenario Definition Language (SDL) will be used to design the IP theft module. In the design of this module the attack vectors will be presented, and the player will experience the consequences of the attacks if he did not apply the correct preventive mechanisms.
The module will end once a successful attack has been committed or when all the vulnerabilities have been addressed by the player successfully. An overview of the module is presented in Figure 3.
Insider fraud is the use of IT for the purpose of modification, addition or deletion of the organization’s data (not systems or programs) with the aim of personal gain. It is also the theft of information that leads to an identity crime (identity theft, credit card fraud). Identity crime is the misuse of personal identifiers with the purpose of gaining something of value or facilitating other criminal activities. According to the CERT Insider Threat Center, fraud is the most prevalent crime in their databases. Fraud crimes do not cover just the financial sector. The primary motivation for fraud is financial gain. All the cases in the CERT database that involved organized crime were related to the fraud cases. In organized fraud cases the information is usually sold to an outsider, and it is this person who commits the fraud.
The CyberCIEGE SDK, the Scenario Development Tool (SDT) and the Scenario Definition Language (SDL) are used to design the insider fraud module. In the design of this module the attack vectors are presented, and the player experiences the consequences of the attacks if he did not apply the correct preventive mechanisms.
The module ends once a successful attack has been committed or when all the vulnerabilities have been addressed by the player successfully. An overview of the module is presented in Figure 4.
One lab is built for each insider threat category, and more hands-on labs can be set up based on different scenarios.