Posted in Cyber ThreatsThreat Intelligence by Derek Smith on February 10, 2015

Last week’s blog discussed two of the four levels of insider threat. I wrote about pure insider threat and insider associate levels. This week, I will discuss the other two levels of insider threat – inside affiliate and outside affiliate – and go over how they differ. Remember, understanding these various levels can assist your organization in its efforts to implement the proper security controls within your organization.

To recap last week’s first two levels of insider threat, pure insider threat is an employee who has all the rights and access associated with being an employee and is the most dangerous level as they can cause the most damage based on their access. Also from last week’s blog is the insider associate level. These are individuals such as contractors, cleaning crew, or security guards who have limited authorized access to your organization’s facility or network, which gives them contact with important company information.

The last two levels of insider threat are inside affiliate and outside affiliate.

Inside Affiliate

An insider affiliate is a spouse, child, friend or client of an employee who uses an employee’s credentials to gain access. This can be as simple as a client coming to visit an employee and obtaining a badge that gives that person access to the facility. If the person goes to use the rest room and on the way wanders around looking at what is on people’s desks or computers, he/she could glean some sensitive information.

To prevent insider affiliate threats, the best measure is to implement policies and procedures that will control affiliate activities. Once these policies are in place, they should be explained to employees, and employees should be required to sign off that they understand them. Never assume that employees will always to the right thing. Improper behavior may not be intentional, but it can still be devastating.

Outside Affiliate

Outside affiliates are non-trusted outsiders who use open access, such as wireless service, to gain access to a company’s resources. If the company happens to have an unprotected access point, and the outside affiliate is sitting across the street at a coffee shop, he/she could connect to the company’s wireless connection. Although this may seem obvious, many companies still overlook this threat.

To protect against the outside affiliate threat, a company needs to ensure it has proper access controls in place for all types of access, including virtual and physical.

The key thing to remember when dealing with these four types of insider threat is that they have access and in most cases will exploit the weakest link that gives them the greatest chance of access to your sensitive information, while minimizing the chances of being caught. It is the company’s job to ensure proper controls are in place to minimize these threats.

Cole, E., and Ring, S. (2006). Insider threat, protecting the enterprise from sabotage, spying and theft. Rockland: Syngress.

 


Comments

Great article, i enjoyed reading it, it has all the information one needs,i need best research writing services for my next project please help me,thanks for the article,love it

Reply
06/26/2016 5:05am

I'd personally declare that will this is the a terrific article of an wonderful man or woman, i am just very happy to discover this specific.

Reply
06/28/2016 5:09pm

Pretty section of content. I just stumbled upon your website and in accession capital to assert that I acquire actually enjoyed account your blog posts. Anyway I will be subscribing to your feeds and even I achievement you access consistently quickly.

Reply
07/12/2016 4:55am

Decent Blog post, My group is a good believer on advertisment observations at online sites to help you allow web log people know they’ve applied a product favorable to help you the online world!

Reply
07/28/2016 1:07pm

It is appropriate time to make some plans for the future and it's time to be happy. I've read this post and if I could I desire to suggest you few interesting things or advice. Maybe you can write next articles referring to this article. I wish to read more things about it!

Reply
09/10/2016 12:57am

When i got onto your blog site though putting attention simply just a little bit submits. Pleasant strategy for future, I will be bookmarking at a time get ones finish springs up.

Reply
09/10/2016 2:25am

My partner and i only want to tell you that we merely have a look at your internet site and also My partner and i believe it is extremely intriguing and also useful..

Reply
09/17/2016 11:54pm

There are plenty of dissertation online websites from the internet reside pick up unsurprisingly known in the websites.

Reply
09/20/2016 1:50am

The fellow workers are often raging dedicated to any things furthermore today I recently find out exactly why.

Reply
09/20/2016 6:08am

Which looked on away from your site considering Having to do with throughout learned so much relating to could be content pieces.

Reply
10/03/2016 3:52am

I am looking for and I love to post a comment that "The content of your post is awesome" Great work!

Reply
10/29/2016 4:09am

Your site fantastic, superior quality succeed... Most probably various should realize others despite that they don't take time to advise you.

Reply

Great article which contains a detailed explanation about the different levels of cyber threats. It gives a good idea about the inside affiliate as well as the outside affiliate which are the last two levels of insider threat. This content will help a lot of companies for their safety operations.

Reply

Thanks for sharing information about cyber threats in detail. Your article is really impressive and meaningful.

Reply
01/05/2017 2:36am

Cyber security plays a vital role in today’s business environment. I have gone through this article of Derek Smith, an expert in cyber security and it gives me detailed information regarding cyber threats and security. Thanks to this article and waiting for more updates from it.

Reply
01/08/2017 10:28am

In the event that you have pronounced either sort of chapter 11 however had no home on hold at the season of documenting, then getting a home advance can be entirely extreme in light of the fact that your financial soundness is at its most minimal point.

Reply
02/20/2017 11:51pm

I am blogging frequently & I really appreciate your information. This great article has truly peaked my interest.

Reply
03/03/2017 12:53pm

I've perused this post and on the off chance that I might I be able to yearning to propose you few intriguing things or exhortation. Possibly you can compose next articles alluding to this article. I wish to peruse more things about it!

Reply



Leave a Reply

    Author

    I am an expert on cyber security and business leadership with doctoral level training.  I am also an author, speaker and trainer.

    Archives

    April 2015

    Categories

    All
    Cyber Security

    View my profile on LinkedIn