Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase 1

In early 2013, researchers in the CERT (registered trademark) Insider Threat Center contacted commercial and government cloud service providers (CSPs) about participating in research to gain a preliminary understanding of implemented administrative and technical controls that they are using to ident...

Full description

Saved in:
Bibliographic Details
Main Author: Porter, Greg
Format: Report
Language:English
Subjects:
ADMINISTRATIVE CONTROLS
AUDIT CONTROLS
AUDITING
CLOUD COMPUTING
CLOUD SERVICE PROVIDERS
COMPUTER ACCESS CONTROL
COMPUTER NETWORK SECURITY
Computer Systems
Computer Systems Management and Standards
CRYPTOGRAPHY
CYBERSECURITY
DATA ENCRYPTION
ENTERPRISE SECURITY PRACTICES
Information Science
INFORMATION SECURITY
INSIDER RISK MANAGEMENT
INSIDER THREAT CONTROLS
INSIDER THREAT MANAGEMENT
INTERVIEWS
KEY MANAGEMENT
MALICIOUS INSIDERS
MANAGEMENT PLANNING AND CONTROL
MOBILE DEVICE MANAGEMENT
MONITORING
OBSERVATION
POLICIES
RISK ANALYSIS
RISK MANAGEMENT
SECURITY AWARENESS
SECURITY TRAINING
SURVEYS
TECHNICAL CONTROLS
THREAT IDENTIFICATION
THREATS
TRAINING
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In early 2013, researchers in the CERT (registered trademark) Insider Threat Center contacted commercial and government cloud service providers (CSPs) about participating in research to gain a preliminary understanding of implemented administrative and technical controls that they are using to identify and manage the threats posed by insiders. These CSP participants provided frank and meaningful insight about their insider threat management programs and enterprise security practices. This report contains the observations obtained from interviewing the CSP personnel who volunteered to participate as well as an analysis of CSP management of insider threats based on the information obtained in interviews, observations of implemented insider threat controls, and risk considerations. Sponsored in part by the Department of Homeland Security (DHS) Federal Network Resilience (FNR) Division.