The Insider Threat: Combatting the Enemy Within

By Clive Blackwell

The insider threat poses a significant and increasing problem for organisations. The use of highly connected computers makes controlling information much more difficult than in the past. This is shown by the regular stories of data loss in the media such as the 25 million personal records mailed out by Revenue and Customs in the UK. This pocket guide sheds light on the key security issues facing organisations from insiders, enabling organisations to get up to speed.

• Language: English
• Publisher: itgovernance
• Release date: Apr 7, 2009
• ISBN: 9781849281362

Clive Blackwell

Clive Blackwell is a researcher at Royal Holloway, University of London, where his main field is security architecture.  He has developed a practical three-layer security architecture to model computer networks such as the Internet and other complex systems such as critical infrastructure.  He is currently applying the model to the insider threat within different business sectors, which has resulted in several academic papers.  Clive is a regular speaker on security at both academic and business conferences in the US and Europe as well as the UK.  He has recently been invited to give talks on the insider threat at two major business conferences. Clive received a scholarship for his PhD in network security at Royal Holloway.  It has the largest Information Security Group in the UK, and has more than 200 students from all over the world on its well-known MSc course.  He holds a degree in Mathematics from Warwick University and in Computer Science from Royal Holloway where he passed out top of his class, and an MSc in Information Security also from Royal Holloway.  He has about 20 publications to his name within the last two years.  He also runs his own IT security consultancy, Advanced Computer Services, so he is aware of the security issues facing business.

Book preview

978-1-84928-136-2

ABOUT THE AUTHOR

Clive Blackwell is a researcher at Royal Holloway, University of London, where his main field is security architecture. He has developed a practical three-layer security architecture to model computer networks such as the Internet and other complex systems such as critical infrastructure. He is currently applying the model to the insider threat within different business sectors, which has resulted in several academic papers. Clive is a regular speaker on security at both academic and business conferences in the US and Europe as well as the UK. He has recently been invited to give talks on the insider threat at two major business conferences.

Clive received a scholarship for his PhD in network security at Royal Holloway. It has the largest Information Security Group in the UK, and has more than 200 students from all over the world on its well-known MSc course. He holds a degree in Mathematics from Warwick University and in Computer Science from Royal Holloway where he passed out top of his class, and an MSc in Information Security also from Royal Holloway. He has about 20 publications to his name within the last two years. He also runs his own IT security consultancy, Advanced Computer Services, so he is aware of the security issues facing business.

PREFACE

The insider threat poses a significant and increasing problem for organisations. The use of highly connected computers makes controlling information much more difficult than in the past. This is shown by the regular stories of data loss in the media such as the 25 million personal records mailed out by Revenue and Customs in the UK. In addition, we do not know enough about the insider threat, as of course many attacks are unknown to their victims or are not made public. We intend to shed light on the key security issues facing organisations from insiders to get them up to speed quickly.

ACKNOWLEDGEMENTS

I would like to thank the two Angelas. I am grateful to Angela Sasse for asking me to present a master class at the insider threat conference at University College London in November 2008, which helped me to formulate the ideas expressed in this book. Secondly, I would like to express thanks to Angela Wilde for giving me the opportunity to write this book and for her patience in awaiting its completion.

CONTENTS

CHAPTER 1:

MODELLING THE INSIDER THREAT

What is the insider threat?

Insiders, by definition, have some level of access to organisational resources that can be misused for their own purposes. The proportion of attacks originating from insiders is debatable, but it is clearly significant. We believe that insiders can often cause great damage to an organisation because of their privileged access, knowledge of weaknesses and the location of valuable targets. The 2008 CSI Computer Crime and Security Survey and the 2008 Information Security Breaches Survey have somewhat different views on the importance of the insider threat.

Most attention has historically been given to external threats, as they are more visible and easier to remedy. Internal attacks are more difficult to discover and diagnose because the controls can be evaded by employees. Many organisations only recognise the problem from insiders after they have been affected.

We focus on the insider threat, but we should also