Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources

Silowash, George J; King, Christopher R.

doi:10.21236/ada610587

Cited by 12 publications

(10 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many access mechanisms, such as universal serial bus (USB) drives or bring your own device (BYOD) technologies [21], allow for work mobility but may be used to steal intellectual property. [34] Here, the best advice of "awareness within the organization and at home" is unavailing, as "nothing will stop a determined user from clicking a link or installing something" [22] once they have determined a path forward-especially when that path includes intentional deceit.…”

Section: Data Loss According To Internal and External Stakeholders Lmentioning

confidence: 99%

Technological and Information Governance Approaches to Data Loss and Leakage Mitigation

Taal¹,

Le²,

Leon³

et al. 2017

csit

View full text Add to dashboard Cite

show abstract

Section: Data Loss According To Internal and External Stakeholders Lmentioning

confidence: 99%

Technological and Information Governance Approaches to Data Loss and Leakage Mitigation

Taal¹,

Le²,

Leon³

et al. 2017

csit

View full text Add to dashboard Cite

show abstract

“…Sources, the use of removable media presents unique problems to the enterprise since insiders can use such media to remove proprietary information from company systems [1]. Insiders may do this for legitimate reasons, such as to work on material at home, or they may do so for malicious reasons, such as to steal intellectual property.…”

Section: As Discussed In a Prior Software Engineering Institute (Sei)mentioning

confidence: 99%

“…® CERT is a registered trademark owned by Carnegie Mellon University. 1 We discuss OSSEC further in Section 2.5, and we present background about and uses for Splunk in Section 5.…”

Section: As Discussed In a Prior Software Engineering Institute (Sei)mentioning

confidence: 99%

“…As discussed in a prior SEI report titled Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources, Windows-based systems have a built-in method to audit USB events based on changes to the registry [1]. However, without sifting through registry keys, it is difficult to use this method to quickly ascertain which USB devices were used on a system.…”

Section: Conduct Windows Usb Device Auditing With Scriptsmentioning

confidence: 99%

See 1 more Smart Citation

Insider Threat Control: Using Universal Serial Bus (USB) Device Auditing to Detect Possible Data Exfiltration by Malicious Insiders

Silowash¹,

Lewellen²

2013

Self Cite

View full text Add to dashboard Cite

vii AbstractUniversal serial bus (USB) storage devices are useful for transferring information within an organization; however, they are a common threat vector through which data exfiltration can occur. Despite the threat, many organizations feel that the utility of USB storage devices outweighs the potential risks. Implementing controls to track the use of these devices is necessary if organizations wish to retain sufficient situational awareness and auditing capabilities to detect data theft incidents.This report presents methods to audit USB device use within a Microsoft Windows environment. Using various tools-the Windows Task Scheduler, batch scripts, Trend Micro's OSSEC hostbased intrusion-detection system (HIDS), and the Splunk log analysis engine-we explore means by which information technology (IT) professionals can centrally log and monitor USB device use on Microsoft Windows hosts within an organization. In addition, we discuss how the central collection of audit logs can aid in determining whether sensitive data may have been copied from a system by a malicious insider.

show abstract

“…But really only two of these are 'real' Registry keys. The others are aliases to branches within one of the two hives as [13][14][15][16][17][18] Windows Registry stores these data on a disk in several hive files. Just like a file system, Registry hive files contain clusters of data.…”

Section: Windows Registry Structurementioning

confidence: 99%

Fuzzy Crime Investigation Framework for Tracking Data Theft based on USB Storage

Neil¹,

Elmogy²,

Riad³

2013

IJCA

View full text Add to dashboard Cite

Since the lives of the persons are on the edge after being convicted in digital crimes. The main goal of digital forensics is to extract accurate evidence which determines whether the convict is guilty or not. The recent challenge is due to the big size of data that the investigator may deal with. These data stored in unnoticeable tiny devices such as USB sticks which may lead to a muddled decision because of the tediousness of the investigation. Fortunately, in Windows Operating systems, all users' transactions are stored in a central point which is known as Windows Registry. It stores all hardware and software configurations, user activities, and transactions. Therefore, digital forensics based on Windows registry is considered as a hot research field. This paper presents a proposed framework for digital crime investigation based on Fuzzy logic. It helps the investigator in the decision making phase about the evidence. This deals with the extracted evidence from relevant Windows Registry keys. Also, tracking the usage of USB devices for data theft was presented. Finally the proposed framework was tested on a simulated case study.

show abstract

Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources

Cited by 12 publications

References 1 publication

Technological and Information Governance Approaches to Data Loss and Leakage Mitigation

Technological and Information Governance Approaches to Data Loss and Leakage Mitigation

Insider Threat Control: Using Universal Serial Bus (USB) Device Auditing to Detect Possible Data Exfiltration by Malicious Insiders

Fuzzy Crime Investigation Framework for Tracking Data Theft based on USB Storage

Contact Info

Product

Resources

About