Insider Threat Attributes and Mitigation Strategies
基于CERT数据库总结了内部威胁的七个常见属性(不包括间谍活动),并映射到产品应具备的特征,帮助组织选择检测、预防或缓解内部威胁的解决方案。
Malicious insiders pose a threat to the confidentiality, integrity, and availability of an organization’s information. Many organizations look for hardware and software solutions that address insider threats but are unsure of what characteristics to look for in a product. This technical note presents seven common attributes of insider threat cases, excluding espionage, drawn from the CERT® Division’s database. The note maps the seven attributes to characteristics insider threat products should possess in order to detect, prevent, or mitigate the threat. None of these attributes alone can identify a malicious insider. Rather, each attribute is one of many data points that an organization should consider when implementing an insider threat program.