Abstract

Universal serial bus (USB) storage devices are useful for transferring information within an organization; however, they are a common threat vector through which data exfiltration can occur. Despite the threat, many organizations feel that the utility of USB storage devices outweighs the potential risks. Implementing controls to track the use of these devices is necessary if organizations wish to retain sufficient situational awareness and auditing capabilities to detect data theft incidents.

This report presents methods to audit USB device use within a Microsoft Windows environment. Using various tools, namely the Windows Task Scheduler, batch scripts, Trend Micro's OSSEC host-based intrusion-detection system (HIDS), and the Splunk log analysis engine, we explore means by which information technology (IT) professionals can centrally log and monitor USB device use on Microsoft Windows hosts within an organization. In addition, we discuss how the central collection of audit logs can aid in determining whether sensitive data may have been copied from a system by a malicious insider.