Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector
Adam Cummings, Todd Lewellen, David McIntire, Andrew P. Moore, Randall Trzeciak
July 2012
SPECIAL REPORT CMU/SEI-2012-SR-004
CERT Program
Copyright 2012 Carnegie Mellon University.
This material is based upon work funded and supported by the United States Department of Homeland Security Science and Technology Directorate under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States Department of Defense.
Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Homeland Security or the United States Department of Defense.
This report was prepared for the Contracting Officer, ESC/CAA, 20 Shilling Circle, Building 1305, 3rd Floor, Hanscom AFB, MA 01731-2125.
NO WARRANTY
THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
This material has been approved for public release and unlimited distribution except as restricted below.
Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and "No Warranty" statements are included with all reproductions and derivative works.
External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use.
Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.
CERT® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.
SEI markings v3.2 / 30 August 2011
Table of Contents
Foreword
Acknowledgments
Executive Summary
Abstract
1 Introduction
1.1 Terms and Definitions
1.2 Related Empirical Research
1.2.1 Surveys
1.2.2 Simulations
1.2.3 Case Studies and Other Empirical Research
1.3 Theory Related to the Insider Threat
2 Research Method
2.1 Case Identification and Selection
2.2 Coding Method and Database Description
2.3 Modeling and Analysis Approach
3 Crime Profile and Findings
3.1 Subject and Crime Description
3.2 FINDING ONE: Criminals who executed a "low and slow" approach accomplished more damage and escaped detection for longer.
3.2.1 Description
Case Example #1
3.2.2 Conclusions / Recommendations
3.3 FINDING TWO: Insiders' means were not very technically sophisticated.
3.3.1 Description
Case Example #2
Case Example #3
3.3.2 Conclusions / Recommendations
3.4 FINDING THREE: Fraud by managers differs substantially from fraud by non-managers by damage and duration.
3.4.1 Description
Case Example #4
Case Example #5
3.4.2 Conclusions / Recommendations
3.5 FINDING FOUR: Most cases do not involve collusion.
3.5.1 Description
Case Example #6
3.5.2 Conclusions / Recommendations
3.6 FINDING FIVE: Most incidents were detected through an audit, customer complaints, or co-worker suspicions.
3.6.1 Description
Case Example #7
3.6.2 Conclusions / Recommendations
3.7 FINDING SIX--Personally identifiable information (PII) is a prominent target of those committing fraud.
3.7.1 Description
Case Example #8
3.7.2 Conclusions / Recommendations
4 Fraud Dynamics
4.1 System Dynamics
4.2 Fraud Triangle
4.3 Manager Model
4.4 Non-Manager Model
5 Strategies for Prevention, Detection, and Response
5.1 Behavioral and Business Process Recommendations
5.2 Monitoring and Technical Recommendations
6 Conclusion and Next Steps
6.1 Considerations for Insider Threat Program Implementation
6.2 Identify Technical Gaps
6.3 Conclusion
6.4 Next Steps
Appendix A: The Insider Threat Center at CERT
Appendix B: The Structure of the CERT Insider Threat Database
Appendix C: Other Insider Threat Concerns in the Financial Sector
Bibliography
List of Figures
Figure 1: Number of Insider Fraud Cases by Age
Figure 2: Average and Median Actual and Potential Damage (in Dollars)
Figure 3: Comparison of Damages for Internal and External Cases
Figure 4: Average and Median Sentence Outcomes (in Years)
Figure 5: Average Timeline of a Case (in Months)
Figure 6: Damages Compared to Crime Duration
Figure 7: Insider Position Types
Figure 8: Actual Damages by Position Type
Figure 9: Cases by Type of Collusion
Figure 10: PII and Non-PII Cases by Type of Subject
Figure 11: Average and Median Damage by PII and Non-PII Cases
Figure 12: Level of Seniority in Cases Involving PII
Figure 13: System Dynamics Notation
Figure 14: Fraud Triangle
Figure 15: Manager Model
Figure 16: Non-Manager Model
Figure 17: High-Level Structure of the CERT Insider Threat Database
List of Tables
Table 1: Comparison of Damage and Crime Duration by Non-managers
Table 2: Comparison of Crimes by Their Involvement of PII
Table 3: Comparison of Fraud by Managers and Non-Managers
Table 4: Summary of Recommended Controls
Table 5: Organization Information Collected
Table 6: Subject Information Collected
Table 7: Incident Information Collected