This is a collection of session proceedings, documents and links to web pages that are relevant to the topics discussed at the ESAF Mid-Year Meeting, which was held on October 16, 2007 at Bell Labs in Murray Hill, New Jersey. The theme for this meeting was “Know Your Enemies, Know Your Friends.”
This page is intended as a resource for ESAF participants to capture the valuable information shared at the meeting, as well as any related reports or studies that senior executives in information security would find useful. All of the materials have been prepared or recommended by Program Management, the Program Committee or ESAF participants.
Proceedings
The Insider Threat: An Analysis of Real-World Cases and Best Practices for Prevention
The Security and Privacy Partnership
The Latest Global Threats: Identifying, Measuring and Defending Against Them
Documents Relevant to Meeting Topics
Common Sense Guide to Prevention and Detection of Insider Threats (43 pages)
This document describes best practices for mitigating insider threats and is based on the insider threat research conducted by Carnegie Mellon University Software Engineering Institute’s CERT® Program in conjunction with the U.S. Secret Service and the Department of Defense.
ECrime Watch Survey 2007 Summary (23 pages)
This document summarizes the results of the annual ecrime watch survey conducted with the U.S. Secret Service, Carnegie Mellon University Software Engineering Institute’s CERT® Program and Microsoft Corp. The survey polled security executives and law enforcement officials on a variety of security topics, including commitment to security, the source of ecrimes, the top ecrimes, and methods of attack.
The Symantec Internet Security Threat Report (134 pages)
This document provides a six-month update of Internet threat activity, including an analysis of network-based attacks, known vulnerabilities, malicious code, and trends in phishing and spam activity. It will alert readers to current trends and impending threats and also offer recommendations for protection against and mitigation of these concerns. This volume covers the six-month period from January 1 to June 30, 2007.
Insider Threat Study: Computer Sabotage in Critical Infrastructure Sectors (45 pages)
This document examines cases of insider incidents that have occurred in critical infrastructure sectors such as information and telecommunications, transportation, defense, energy, food, and banking and finance. It focuses on cases in which the perpetrator’s primary goal was not personal gain, but rather to sabotage the organization or cause harm to specific individuals. By analyzing the characteristics of these insiders, their motives, and their actual attacks, this study provides insight into the implications for security and offers recommendations for mitigating the insider threat. This report is part of the Insider Threat Study being conducted by the U.S. Secret Service and CERT.
Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector (25 pages)
This document examines insider incidents carried out in the banking and finance sector. Included are cases of fraud, theft of intellectual property and information system sabotage. The study lays out seven key findings that were discovered through the analysis of the cases and discusses the implications that these findings have for the security of banking and finance operations. This is the first report of the Insider Threat Study being conducted by the U.S. Secret Service and CERT.