search menu icon-carat-right cmu-wordmark

Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase II, Expanded Analysis and Recommendations

Technical Note
In this report, the authors discuss the countermeasures that cloud service providers use and how they understand the risks posed by insiders.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2013-TN-030
DOI (Digital Object Identifier)
10.1184/R1/6572237.v1

Abstract

Throughout the third quarter of 2013, researchers in the CERT® Insider Threat Center, part of the Carnegie Mellon Software Engineering Institute, contacted commercial and government cloud service providers (CSPs) to better understand the administrative and technical risks posed by CSP insiders and the countermeasures that CSPs are considering and deploying to identify and mitigate insider attacks. Based on the insight obtained from participating CSPs, CERT researchers have examined how existing CSP insider threat management practices may be improved. Researchers also examined the CERT Division's Insider Threat Assessment workbooks to identify some data types useful for CSP security information and event management (SIEM) systems, specifically for mitigating insider threats. A table listing those identified data sources may be of use for CSPs adding logging, analysis, and alerts to their SIEM systems. This report contains observations obtained from interview and survey responses of participating CSP personnel, considerations for improving insider threat mitigation processes, and current challenges within the CSP community as observed by the Insider Threat Center team. 

Cite This Technical Note

Flynn, L., Porter, G., & DiFatta, C. (2014, January 8). Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase II, Expanded Analysis and Recommendations. (Technical Note CMU/SEI-2013-TN-030). Retrieved May 20, 2024, from https://doi.org/10.1184/R1/6572237.v1.

@techreport{flynn_2014,
author={Flynn, Lori and Porter, Greg and DiFatta, Chas},
title={Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase II, Expanded Analysis and Recommendations},
month={Jan},
year={2014},
number={CMU/SEI-2013-TN-030},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6572237.v1},
note={Accessed: 2024-May-20}
}

Flynn, Lori, Greg Porter, and Chas DiFatta. "Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase II, Expanded Analysis and Recommendations." (CMU/SEI-2013-TN-030). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, January 8, 2014. https://doi.org/10.1184/R1/6572237.v1.

L. Flynn, G. Porter, and C. DiFatta, "Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase II, Expanded Analysis and Recommendations," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2013-TN-030, 8-Jan-2014 [Online]. Available: https://doi.org/10.1184/R1/6572237.v1. [Accessed: 20-May-2024].

Flynn, Lori, Greg Porter, and Chas DiFatta. "Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase II, Expanded Analysis and Recommendations." (Technical Note CMU/SEI-2013-TN-030). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 8 Jan. 2014. https://doi.org/10.1184/R1/6572237.v1. Accessed 20 May. 2024.

Flynn, Lori; Porter, Greg; & DiFatta, Chas. Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase II, Expanded Analysis and Recommendations. CMU/SEI-2013-TN-030. Software Engineering Institute. 2014. https://doi.org/10.1184/R1/6572237.v1