If you haven’t read the previous articles, here they are:
So, moving on to module 9 and the FINAL MODULE!!!!
So, what are we covering in the final module?
- Introduction to Insider Threats
  - Insider Threats
  - Types of Insider Threats
  - Driving Force Behind Insider Attacks
  - Common Attacks Carried Out by Insiders
  - Importance of Handling Insider Attacks
- Preparation for Handling Insider Threats
  - Preparation Steps to Handle Insider Threats
- Detecting and Analysing Insider Threats
  - Indicators of Insider Threats
  - Detecting Insider Threats
  - Detecting Insider Threats: Mole Detection and Profiling
  - Detecting Insider Threats: Behavioural Analysis
  - Log Analysis
  - Network Analysis
  - System Analysis
  - System Analysis: Search for Removable Media
  - System Analysis: Search for Browser Data
  - Database Analysis
  - Database Analysis: Examine Microsoft SQL Server Logs
  - Database Analysis: Collecting Volatile Database Data
  - Database Analysis: Using DBCC LOG Command
  - Physical Security Analysis
  - Insider Threat Detection Tools
- Containment of Insider Threats
- Eradication of Insider Threats
  - Eradicating Insider Threats
  - Eradicating Insider Threats: Human Resources
  - Eradicating Insider Threats: Network Security
  - Eradicating Insider Threats: Access Controls
  - Eradicating Insider Threats: Privileged Users
  - Eradicating Insider Threats: Audit Trails and Log Monitoring
  - Eradicating Insider Threats: Physical Security
- Recovery after Insider Attacks
  - Recovering from Insider Attacks
- Best Practices Against Insider Threats
  - Best Practices Against Insider Threat
  - Insider Threat Prevention Tools
Insider threats are more devastating because trusted people are involved, such as employees, third parties, contractors, or customers who have privileged access to various resources.
Insiders can use their authorized privileges to directly misuse resources, affecting the confidentiality, integrity, and availability of information systems.
Malicious insider activities may impact business operations and damage both the organization’s reputation and profits.
In this final module we have two labs.
Detecting Insider Threats Using ActivTrak Employee Monitoring Solution
ActivTrak offers employee monitoring with productivity measurements.
ActivTrak captures and records activity logs and screenshots from your monitored workstations. It controls your devices to implement and maintain any compliance needs, keeping your systems compliant with or without screenshots. ActivTrak Image Redaction protects your organization’s sensitive information.
ActivTrak offers reports and easy-to-configure controls, giving your organization the power and information needed to analyse and replicate productive workflows across the organization.
You can manage productivity levels throughout your company from your ActivTrak admin panel.
ActivTrak also assists in blocking malicious websites, creating alarms to notify you of suspicious activities, and monitoring web and app traffic and usage so you know who’s doing what, allowing you to better safeguard your organization.
Detecting Insider Threats Using ObserveIT and Ekran System
Detection of insider threats is of paramount importance; detecting these threats at an early stage helps safeguard organizational assets.
ObserveIT enables organizations to quickly identify and eliminate insider threats. It is an insider threat management solution that provides organizations with “eyes on the endpoint” and the ability to continuously monitor user behaviour.
Ekran System provides visibility and control over third-party service providers and employees.
And now for some mock exams, final studying and booking the test… wish me luck.