
Additional Resources

Table of contents
  1. Additional Resources
    1. Overview: Threats
    2. What is the CIA Triad?
      1. Confidentiality
      2. Integrity
      3. Availability
    3. What Are Insider Threats?
      1. Types of Insider Threats
      2. Mitigating Insider Threats

Overview: Threats

When you begin to use the SIEM, it also helps to consider what threats look like from a less technical point of view. One purpose a SIEM serves is helping an organization monitor for violations of what is known as the CIA triad, a model that centers on data and data protection.

What is the CIA Triad?

CIA stands for confidentiality, integrity, and availability. The CIA triad is a model designed to guide organizations in securing their data; it serves as a framework for building a security strategy and developing security policies.

image of CIA triad

Confidentiality

Confidentiality is the principle that ensures data and information are kept secret and secure from those who are not meant to know of it or have access to it. Without this assurance, data would be readable by anyone at any time.

Under this principle, only users with authorized access can reach protected data. It guides an organization toward implementing permissions, authentication, and authorization controls, and toward encrypting sensitive data at rest and in transit where access controls alone are not enough.

Integrity

Integrity is the principle that ensures data is consistent, accurate, reliable, and secure. Integrity ensures data in transit or at rest is not tampered with or modified in any way by unauthorized individuals. Controls such as checksums, message authentication codes, and digital signatures let the recipient detect unauthorized modification.

Availability

Availability is the principle that ensures data and systems are accessible to authorized individuals when they need them, while still being protected from those without access. Outages and denial-of-service attacks are typical availability failures.

What Are Insider Threats?

An insider threat is the potential for an insider to use their authorized access to, or understanding of, an organization to harm that organization. This includes malicious acts that negatively affect the confidentiality, integrity, and availability of the organization, its data, personnel, or facilities.

insider threats

The following are behaviors/actions typical of insider threats:

  • Espionage
  • Terrorism
  • Unauthorized disclosure of information
  • Corruption, including participation in transnational organized crime
  • Sabotage
  • Workplace violence
  • Intentional or unintentional loss or degradation of departmental resources or capabilities

Types of Insider Threats

Unintentional Threats - An insider who acts with negligence or carelessness falls under this category. These individuals do not create risk on purpose or maliciously; they create an unintended risk by mistake, for example through a mis-click. Such mistakes are not always preventable, so controls should also limit the damage a single mistake can do.

Intentional Threats - An insider who creates risk intentionally falls under this category, since the individual is acting with malicious intent. The motivation is specific to the individual, but harming the organization is usually the end goal. For example, many insiders are motivated to "get even" due to unmet expectations related to a lack of recognition (e.g., promotion, bonuses, desirable travel) or even termination. Their actions include leaking sensitive information, harassing associates, sabotaging equipment, or perpetrating violence. Others have stolen proprietary data or intellectual property in the false hope of advancing their careers.

Other Threats - Insider threats come in many forms, so it is hard to create an exhaustive list. However, two other categories to be aware of are collusive threats and third-party threats.

  • Collusive Threats occur when two or more insiders work together toward a shared goal of harming the organization.
  • Third-Party Threats come from people outside the company, such as contractors or vendors, who have been granted temporary access to the organization's systems or facilities.

Mitigating Insider Threats

  1. Define - Determine what an insider is in your organization and the many forms an insider threat can take
  2. Detect & Identify - Using both human elements (such as reports from colleagues) and technological elements (such as SIEM alerts on anomalous access), monitor for and identify potential threats
  3. Assess - Using all available information, evaluate the threat and follow the response plan that fits the scenario
  4. Manage - Continue to proactively manage the threat or potential threat, and feed what was learned back into the Define step
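The Detect & Identify step is where the SIEM does its work. The block below is an added example, not code from the original page or from any SIEM product, showing three simple correlation rules of the kind a SIEM would run to surface insider-threat indicators: access outside business hours, unusually large downloads in a day, and any access by a user HR has flagged as departing. The log format, user names, thresholds, and departing-user list are all constructed for illustration; a real deployment would derive thresholds from each user's normal baseline rather than a fixed number.

```python
"""Added example: simple insider-threat detection rules over constructed log lines."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events in a made-up key=value format (not a real product's log format).
CONSTRUCTED_LOG = """\
2024-03-04T09:12:03 user=asmith action=read resource=/finance/q1-forecast.xlsx bytes=204800
2024-03-04T09:40:51 user=jdoe action=read resource=/eng/design-notes.md bytes=51200
2024-03-04T12:05:17 user=asmith action=download resource=/finance/q1-forecast.xlsx bytes=204800
2024-03-04T23:47:02 user=jdoe action=download resource=/eng/source-archive.zip bytes=734003200
2024-03-04T23:52:39 user=jdoe action=download resource=/eng/customer-list.csv bytes=8388608
2024-03-04T10:15:00 user=bjones action=read resource=/hr/policies.pdf bytes=102400
"""

# Constructed: users HR has flagged as having given notice or being terminated.
DEPARTING_USERS = {"bjones"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"resource=(?P<resource>\S+) bytes=(?P<bytes>\d+)$"
)


def parse_event(line):
    """Parse one constructed log line into a dict; raise on anything unexpected."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["bytes"] = int(ev["bytes"])
    return ev


def detect_insider_indicators(log_text, departing_users,
                              business_hours=(7, 19),
                              bulk_threshold=500 * 1024 * 1024):
    """Return a list of alert dicts for the three rules described in the lead-in.

    business_hours is a [start, end) hour window; bulk_threshold is the number
    of bytes downloaded per user per day above which an alert fires. Both are
    assumed values for illustration.
    """
    events = [parse_event(l) for l in log_text.splitlines() if l.strip()]
    start, end = business_hours
    alerts = []
    daily_download_bytes = defaultdict(int)

    for ev in events:
        when = ev["ts"].isoformat()
        # Rule 1: any activity by a departing user is worth a look.
        if ev["user"] in departing_users:
            alerts.append({"rule": "departing_user_access", "user": ev["user"],
                           "detail": f'{ev["action"]} {ev["resource"]} at {when}'})
        # Rule 2: activity outside the business-hours window.
        if not (start <= ev["ts"].hour < end):
            alerts.append({"rule": "off_hours_access", "user": ev["user"],
                           "detail": f'{ev["action"]} {ev["resource"]} at {when}'})
        # Accumulate download volume per user per calendar day for rule 3.
        if ev["action"] == "download":
            daily_download_bytes[(ev["user"], ev["ts"].date())] += ev["bytes"]

    # Rule 3: bulk download volume in a single day.
    for (user, day), total in sorted(daily_download_bytes.items()):
        if total > bulk_threshold:
            alerts.append({"rule": "bulk_download", "user": user,
                           "detail": f"{total} bytes downloaded on {day}"})
    return alerts


if __name__ == "__main__":
    for alert in detect_insider_indicators(CONSTRUCTED_LOG, DEPARTING_USERS):
        print(f'[{alert["rule"]}] {alert["user"]}: {alert["detail"]}')
```

Each rule on its own produces noise (night-shift staff work off-hours, backups download a lot); the value comes from correlating them, which is why the example returns structured alerts rather than printing a verdict, so a later step can score a user who trips several rules in the same day.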