Having the right log and access management tools in place - and not all tools are used by all agencies at all times - doesn't mean that the proper authorities are alerted in a timely manner to activities that could jeopardize the nation's security.
Maintaining accurate logs of systems' activities is crucial in helping catch insiders who threaten an organization's digital assets, says George Silowash, co-author of the Common Sense Guide to Mitigating Insider Threats.
CERT Technical Manager Dawn Cappelli tells a tale of how three individuals, who unexpectedly quit their jobs at a law firm, used a free cloud service to sabotage files containing proprietary client information from their former employer.
Cloud computing providers must step up and develop approaches to prevent their employees from stealing or harming customer data they host, say two experts from Carnegie Mellon University's CERT Insider Threat Center.
Today's spear-phishing campaigns are localized, small and can slip through typical spam filters. As a result, detection practices have to evolve, says researcher Gary Warner of the University of Alabama at Birmingham.
Understanding big data is not the problem, say Michael Fowkes and Aaron Caldiero of Zions Bank. Figuring out how to use the information contained within big data in a meaningful way - that's the trick.
From managers who steal to innocent employees who are duped, the insider threat is evolving. Researchers Dawn Cappelli and Randy Trzeciak share their latest insight on malicious and accidental insider risks.
Intrusion detection is challenging for most organizations, and hackers' ever-increasing skill to evade monitoring tools only compounds the problem. But Zions Bank's Michael Fowkes says big data can help.
An evolving concept known as "intelligent security" involves using a combination of technologies to detect threats, helping security professionals become more proactive. Learn how pioneers are using the new approach.
The kind of detailed data analysis that helped statistician Nate Silver predict accurately the outcome of the U.S. presidential election could help enterprises using cloud-based SIEM to identify vulnerabilities, says Cloud Security Alliance's Jens Laundrup.
Washington has become the third state to pass legislation incorporating the Payment Card Industry Data Security Standard (PCI) to help financial institutions recover costs from credit/debit card breaches.