CERT

 
 

Insider Threat Control Demonstration: IT Sabotage - Outsider Collusion

This video demonstrates the control described in "Using a SIEM Signature to Detect Potential Precursors to IT Sabotage" (pdf).

Abstract: This paper describes the development and proposed application of a Security Information and Event Management (SIEM) signature to detect possible malicious insider activity leading to IT sabotage. In the absence of a uniform, standardized event logging format, this paper presents the signature in two of the most visible public formats, Common Event Framework (CEF) and Common Event Expression (CEE). Because of the limitations of these formats, the SIEM described in this paper employs an operational version of the proposed signature in an ArcSight environment.

