The Advanced Research and Development Activity (ARDA) within the U.S. intelligence community (IC) has several research “thrusts,” including one on advanced Information Assurance (IA) headed by Richard C. Brackney. On March 2–4, 2004, an unclassified workshop was held at the offices of McAfee Security (a division of Network Associates, Inc.) in Rockville, MD. The topic was “Understanding the Insider Threat.
.Praise for Enemy at the Water Cooler
“Brian Contos has created what few security specialists can claim: a truly readable book about the threats to our businesses from insiders who know how to attack the critical components of modern business, the computers, applications and networks that make it all work. During the last ﬁfteen years we have witnessed incredible strides in network centric business processes that have spawned the productivity of our workforce and the globalization of our supply chains.
The first printing of the First Edition appeared at the Las Vegas Interop in May, 1994. At that
same show appeared the first of many commercial firewall products. In many ways, the field has
matured since then: You can buy a decent firewall off the shelf from many vendors.
The problem of deploying that firewall in a secure and useful manner remains. We have
studied many Internet access arrangements in which the only secure component was the firewall
itself—it was easily bypassed by attackers going after the "protected" inside machines.
The air pollution accumulating in the interior
of automobiles consists almost exclusively of gaso-
line and diesel exhaust. This toxic soup of gases,
aerosols, and microscopic particles includes ben-
zene (a known carcinogen), carbon monoxide
(which interferes with the bloods ability to trans-
port oxygen), particulate matter (which studies
have associated with increased death rates), and a
host of other hazardous chemicals.
Oracle Audit Vault is an enterprise-class audit consolidation and management solution that
enables organizations to simplify compliance reporting, proactively detect threats, reduce costs,
and secure audit data. Faced with numerous regulatory mandates and increasing concerns about
insider threats, organizations are utilizing database audit data as an important security measure,
enforcing the trust-but-verify principle.
Alternatively, a DBMS client can submit DBMS commands that reference SQL stored procedures. These stored
procedures translate the request into commands that the SAS servers that are running on the DBMS head node execute.
Again, when these SAS jobs reference SAS formats, scoring models, or procedures that run inside the DBMS, they
execute on the DBMS data nodes.
The capability for SAS servers to run inside the DBMS results in a very powerful and flexible environment. SAS solutions
are built on top of these servers.
Insider attacks pose an often neglected threat scenario when
devising security mechanisms for emerging wireless technologies.
For example, traffic safety applications in vehicular
networks aim to prevent fatal collisions and preemptively
warn drivers of hazards along their path, thus preserving
numerous lives. Unmitigated attacks upon these networks
stand to severely jeopardize their adoption and limit the
scope of their deployment.
Intrusion detection systems and vulnerability scanners provide an additional layer of network security.While ﬁrewalls permit
or deny trafﬁc based on source, destination, port, or other criteria, they do not actually analyze trafﬁc for attacks or search
the network for existing vulnerabilities. In addition, ﬁrewalls typically do not address the internal threat presented by
Privacy threats can easily come from outside an organization—competitors, market researchers, and even social action groups can beneﬁt
from obtaining another organization’s proprietary information. In many cases, such groups will work with people inside the organization
and plot to steal trade secrets or customer lists. Researchers can use extreme means to ﬁnd out about operations or business plans.
Even before the events of September 11, 2001, threat assessments suggested that the United States should prepare to respond to terrorist attacks inside its borders. This report documents research into the use of military medical assets to support civil authorities in the aftermath of a chemical, biological, radiological, nuclear, or conventional high expl