Bank Systems & Technology is part of the Informa Tech Division of Informa PLC




Secret Service and Carnegie Mellon's Software Engineering Institute release insider-threat study.

Financial institutions are full of insiders. That's why the Secret Service National Threat Assessment Center (NTAC) and the CERT Coordination Center (CERT/CC) of Carnegie Mellon University's Software Engineering Institute conducted a behavioral and technical study of insiders who committed crimes using information technology.

The study examined 23 incidents that occurred between 1996 and 2002. Here are some of the findings and recommendations:

Findings: Most incidents required little technical sophistication.

Recommendations: Secure networks from the full range of users. Use mandatory password protection and policies to prevent insiders from using another employee's computer to carry out an attack.

Findings: Perpetrators planned their actions.

Recommendations: Security personnel and others can stop insiders before an incident occurs. Encourage employees to report suspicious behavior, such as attempts to bypass technical safeguards. Widespread employee awareness of the consequences of computer crime can also stave off attacks.

Findings: Financial gain motivated most perpetrators.

Recommendations: Establish organizational designs to ensure appropriate oversight of insider activity. Conduct auditing and take steps to ensure the integrity of financial-related data.

Findings: Perpetrators did not share a common profile.

Recommendations: Even well-respected, non-technical people commit computer crime, but background checks may be valuable.

Findings: Incidents were detected by various methods and people.

Recommendations: Establish a formal process for employees to report suspected abuses. Detection and assessment often require manual diagnosis and analysis.

Findings: Perpetrators committed acts while on the job.

Recommendations: Workforce education can reduce insider risk. Be careful when providing remote access to critical data or systems, and perform frequent auditing and logging when necessary.
