ORGANIZATIONS, EMPLOYEES AND COMPUTER CRIMES

PhD student Dana Ramona ANDRIŞESCU, Doctoral School of Economy, Alexandru Ioan Cuza University, Iaşi
E-mail: dana.ramona@yahoo.com

Abstract

Computer crimes are evolving at a fast pace along with the development of technologies. Not only is their number rising, but so are their complexity and the number of persons involved. Both individuals and organizations face a new type of threat, that of electronic crime committed using the Internet and the available information and communication technologies. Organizations have to deal with employees when security policies are broken, when crimes have been committed or when something wrong is about to happen. In this paper we will try to show the types of computer crimes employees can commit in an organization by using its resources. Employers face many losses, such as money, resources, time, clients and so on. That is why we are going to present the basic means of protection an organization can take when dealing with disgruntled employees. Once security policies are established, the organization has to make sure they are respected at all times and make employees aware of the dangers they are facing, not only because of their own wrongdoings but also as victims. We will also show that, in order to prevent computer crimes, employees must be trained on information security, on the consequences of their actions, on the information they are allowed to use and on the dangers they face when using a computer, especially one connected to the Internet. The predisposition to crime comes from inside every individual, but there are also external factors that influence him or her, and that is why we will see which factors of influence determine the criminal personality.

Keywords

Organization, employee, attacks, computer crimes, security

1. INSIDER THREAT

Information and computer security has become an important issue for any organization that wants to preserve clients, suppliers, employees and resources and have a fruitful activity. We know that many consider this an easy thing to do, but in reality, due to employees and their wrongdoings, security becomes vital. Knowing how to deal with people and use the appropriate technologies for protection means the survival of the organization. An organization loses data because of employees who throw away or delete data and documents by mistake, steal storage devices, launch attacks from inside or outside the organization or are victims of other cyber criminals. Together with the data losses, organizations lose good employees, expensive and important devices, money, clients, suppliers, investments and so on. In this paper we are going to see what the insider threat is all about, what attacks can be launched by insiders and some basic measures to protect against employees and other intruders.

In today’s organizations, computers have become an important factor for success. Using them in the best way possible makes a successful business. Most losses from wrongdoings using the computer come from inside: from disgruntled employees, ex-employees, or sites which distribute sensitive information about an organization’s internal dealings. With all the security measures taken, organizations cannot overcome the power of a human mind set on breaking the rules, the limits and the codes. When somebody wants to get something for personal use, he/she or the group he/she is part of will do anything to reach that goal. Insiders are dangerous as they know the network, the computers, the resources available, and how things work. They may also know more about the infrastructure’s strengths and weaknesses, thus increasing the likelihood of the electronic attack being successful.

An insider is anyone in an organization with approved access, privilege, or knowledge of information systems, information services, and missions [1]. By default, insiders are trusted; they are already on the organization’s systems and usually within or behind most of the technical security controls. They usually have some type of authority on the systems they plan to attack. In some cases, this authority is highly privileged (e.g., systems administration), allowing the insider either to abuse that privilege or to gain higher privileges through some means (e.g., social engineering, shoulder surfing, sniffers, and so on) [2].

An insider can be [3]:
- an employee, student, or other “member” of a host institution that operates a computer system to which the insider has legitimate access;
- an associate, contractor, business partner, supplier, computer maintenance technician, guest, or someone else who has a formal or informal business relationship with the institution;
- anyone authorized to perform certain activities, for example a bank’s customer who uses the bank’s system to access his or her account;
- anyone properly identified and authenticated to the system including, perhaps, someone masquerading as a legitimate insider, or someone to whom an insider has given access (for example by sharing a password);
- someone duped or coerced by an outsider to perform actions on the outsider’s behalf;
- a former insider, now using previously conferred access credentials not revoked when the insider status ended, or using access credentials secretly created while an insider to give access later.

As we can see, there are many insiders that could threaten an organization.
But let us see what insiders’ and employees’ motives for computer attacks that become crimes could be [4]:
- stressful events;
- making an unintentional mistake;
- trying to accomplish needed tasks, thereby bypassing security;
- organizational sanctions;
- trying to make the system do something for which it was not designed;
- as a form of innovation to make the system more useful or usable;
- trying to overcome the system and its capabilities, testing the limits of authorization;
- predispositions towards crimes;
- personal past events, sanctions or convictions;
- checking the system for weaknesses, vulnerabilities or errors, with the intention of reporting problems;
- killing time for fun, boredom, revenge or disgruntlement;
- acting with the intention of causing harm, for reasons such as fame, greed, capability, revenge, divided loyalty or delusion;
- lack of electronic and physical control, where everybody does what they want.

Understanding the factors that may be directly or indirectly responsible for the insider threat should allow us to choose better mitigation strategies and, in some cases, be preventative and proactive rather than solely reactive, as we currently are. At a high level, the factors can be categorized as business culture and society. Under the heading of business culture, we have the subcategories of ethics and morals and a transient workforce. Society is subdivided into economy, morality, and social learning. At the most basic level, the problem of insider attacks is a people issue, not a technology issue.

The insider threat is a problem faced by all industries and sectors today. It is an issue of growing concern, as the consequences of insider incidents can include not only financial losses, but the loss of clients and business days.
The actions of a single insider can cause damage to an organization ranging from a few lost staff hours to negative publicity and financial damage so extensive that a business may be forced to lay off employees or even close its doors. Furthermore, insider incidents can have repercussions extending beyond the affected organization to include disruption of operations or services critical to a specific sector [5]. As many incidents are not reported to law enforcement, nothing can be done against the disgruntled employees.

An e-Crime survey done in 2009 on 307 of KPMG’s clients¹ revealed that the internal e-Crime risks of most concern in the current economic climate are:
- theft of customer or employee data by insiders or ex-employees;
- knowledge of weak points in business processes/systems being deliberately exploited by insiders or ex-employees;
- theft of intellectual property or business sensitive data by insiders or ex-employees;
- loss of undocumented business knowledge relevant to security;
- employees placing personal information on the Internet that can be exploited by attackers;
- knowledge of weak points in business processes/systems being sold.

Not only are the organizations threatened, but also their clients, as their data is stolen and used for gain.

According to Lumension², in order to mitigate the risk posed by insiders, it helps to understand who these people are [6].

Petty Identity Thief. One of the most common malicious insiders is the unsophisticated employee or partner looking to score a few sets of customer data here and there to commit small-scale ID theft on his own.

Data Fencer. Instead of using the data himself/herself to commit fraud, he/she will simply sell it to one of the numerous criminal elements in the ID theft underground that buy personally identifiable information in bulk. This type of insider can inflict a lot more damage on the organization, as he/she is usually looking to score a large database or list of names.

Ladder Climber. This particular insider often doesn’t believe he/she is stealing. He/she will collect customer lists or intellectual property so that he/she can take them along when hired by a competitor.

Saboteur. Rather than stealing information, this type of malicious insider is slightly more emotional. He/she is simply looking to hurt the employer rather than to make financial gains. He/she might want to do so in retribution for a firing, or perhaps because he/she disagrees with some company policy or activity the organization is involved in. This insider can be especially dangerous if he/she is a knowledgeable IT worker with special access privileges.

Clueless Rube. This type will load unauthorized P2P software on his machine, recklessly transfer sensitive data on unprotected USB devices and click into any old e-mail or website, regardless of how sketchy it looks, for his personal pleasure. This is the most prevalent insider threat and, sadly, outsiders know it.

¹ KPMG is a global network of professional services firms providing audit, tax and advisory services in 145 countries around the world.
² Lumension™, Inc., a global leader in operational endpoint security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets.

Marcus Rogers, in his article Internal Security Threats [7], says that to appreciate fully the risk presented by insiders, it is necessary to break the group into subcategories. The choice of exact categories is somewhat arbitrary, but the author uses these categories:
- Disgruntled employees – the most common type of inside attacker. The category covers current employees, ex-employees, contractors, and consultants.
- Hackers – individuals with disregard for convention and rules, loose ethical boundaries, ambiguous morality, and disregard for private property for their own gains. These individuals believe that rules do not apply to them and that there should be no restrictions on what information is available to them. They also believe that information, regardless of its level of business sensitivity, should be shared with the outside world, especially with their hacking friends.
- Criminals (organized and individual). This category has two subgroups, petty criminals and professional criminals. Petty criminals are individuals who display criminal behavior or intent but do not derive the majority of their livelihood from criminal activities. Professional criminals derive the majority of their income from their criminal activities and, in some cases, have ties back to organized or quasi-organized crime.
- Spies (corporate and foreign national). Competitors send fake employees to get information and insights from the enemy in order to gain advantages and make their enemies lose clients, employees, money, market share and so on, purely for their own benefit.
- Terrorists (foreign and domestic). Having people on the inside, either spies or simply individuals sympathetic to the group’s cause, is a tactical advantage. Insiders can join forces with outside terrorists, harming the organization and its people in different ways.

These are somewhat fluid categories and are not considered mutually exclusive. In some cases, an individual may migrate between two or more groups during his tenure with an organization (e.g., hacker to disgruntled employee).

In taking a closer look at the traditional insider attack, where the trusted individual consciously commits an act of fraud or sabotage, two elements are always at play: the motivation to commit the act and the means to do so.
Many insiders are successful because their organizations simply do not have the proper tools in place to enforce policies or even monitor employee and partner activity. Organizations should not let employees or any other person enter their grounds unsupervised. Using the right prevention methods, IT staff can drastically reduce the opportunity insiders have to cause harm to an organization.

2. ATTACKS

Because information technology is available to everybody today and information is everywhere, it is not hard to become an electronic criminal. Attacks have diversified, from password phishing to hacking into computers to steal information. Organizations’ computers have become priceless, as they store valuable data. As Kevin Mitnick said, and we agree with him, “people are the weakest link”: they can be exploited, but they are also the most powerful tool for breaking the rules and surpassing security and technology. Attackers take advantage of computers’ vulnerabilities and people’s weaknesses to reach their goal of obtaining some sort of benefit, from revenge to money.

Attackers are also well aware that virtually all computers are interconnected by the Internet or private networks. In addition, mobile and handheld devices with Internet connectivity have steadily grown in popularity. Networks make attacks easier to carry out remotely and more difficult to track to their sources. Next we are going to see the attacks that insiders carry out to harm other employees or colleagues.

In the figure below we are going to see the taxonomy of attacks, as presented by Chen Thomas and David Chris [8]. Attacks directed at specific hosts include sniffing, session hijacking, exploits of vulnerabilities, password attacks, denial of service, and social engineering. Social engineering can also be used in large-scale indiscriminate attacks. Other large-scale attacks include spam and malicious code (otherwise known as malware).

Fig. 1. Taxonomy of attacks (Source: Chen, T., David, C., An Overview of Electronic Attacks in Kanellis, P., Kiountouzis, E., Kolokotronis, N., Martakos, D., Digital Crime And Forensic Science in Cyberspace, Idea Group Publishing, 2006, p. 3)

These are only some of the attacks, and they can be combined in order to break into networks, systems and computers to obtain information for some gain. We are going to describe briefly every attack shown in the above figure in order to know how to protect against cyber criminals.

Sniffing is a passive attack that attempts to compromise the confidentiality of information. A sniffing utility is able to capture any traffic along the network, hoping to identify valuable information such as user IDs and passwords. If a laptop is used for this attack it is very hard to identify, as it is portable and easy to conceal.

Session hijacking is a combination of sniffing and address spoofing³ that enables the compromise of a user’s remote login session, thus providing an attacker unauthorized access to a machine with the privileges of the legitimate user. Address spoofing is sending a packet with a fake source address. This is quite simple because the sender of an IP packet writes the IP source address into the packet header. Address spoofing enables attackers to masquerade as another person.

Exploiting refers to using some method to exploit the characteristics of the protocols, operating system, or application software used on the targeted system or network, just as a master thief might exploit the fact that a building has ventilation shafts and use them to enter the premises [9].

Password attacks attempt to gain access to a host or service with the privileges of a current user. Passwords continue to be very frequently used for access control despite their major weakness: if a password is guessed or stolen, an attacker could gain complete access. A well-protected system could be compromised by a single weak password.
Understandably, many attacks are directed at guessing or bypassing passwords. Passwords can be acquired through different techniques, such as brute force, recovery and exploitation of passwords stored on the system, use of password decryption software and social engineering.

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting a computer and its network connection, or the computers and network of the sites somebody tries to use, an attacker may be able to prevent the user from accessing e-mail, web sites, online accounts (banking, etc.), or other services that rely on the affected computer [10]. Most people tend to think of DoS attacks as flooding, but at least four types of DoS attacks can be identified: starvation of resources on a particular machine; causing failure of applications or operating systems to handle exceptional conditions, due to programming flaws; attacks on routing and DNS; and blocking of network access by consuming bandwidth with flooding traffic.

In computer security, social engineering [11] is the practice of obtaining confidential information by manipulation (using social skills) of legitimate users. A social engineer commonly uses the telephone or the Internet to trick a person into revealing sensitive information or into doing something that is against policy. Employees trick their colleagues by getting close to them and convincing them to reveal sensitive information. With this method, social engineers exploit the natural tendency of a person to trust their word, rather than exploiting computer security vulnerabilities. People don’t know about this attack, have too much confidence, don’t care, or go on the principle “it cannot happen to me”.

Malicious codes are software codes built to do harm to other people’s computers.
They are also known under the name of malware, the general term covering any type of software that is created to cause damage to devices or to collect confidential data from users. Among them we can recall viruses, worms, adware, spyware and Trojan horses, the most obvious and present threat to data security, which requires measures for prevention and defense. Viruses are malicious code that replicates and modifies other software. Worms can cause the system to malfunction. Trojan horses can be combined with many of the other attack types (such as social engineering) to compromise security for just about any purpose. Adware is software that monitors and profiles a user’s online behavior, typically for the purposes of targeted marketing. A more serious and growing concern is another type of software that profiles and records a user’s activities, called spyware. Spyware, like adware, is an attack on user privacy, but spyware is also more likely to compromise confidential data for identity theft.

³ Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing.

Spam, the e-mail equivalent of unsolicited junk mail, has been a growing problem over the years. Our inboxes are full of mails that are of no interest to us. Sending unsolicited mails can be a way of promoting something, or of tricking people into giving away their personal data, accessing viruses or downloading Trojans without noticing, but it can also be an electronic crime punished by some countries’ authorities. At the very least, spam wastes network resources (bandwidth, memory, server processing) and necessitates spam filtering at ISPs and organizations. It also wastes the valuable time of users and system administrators. The seriousness of the problem has steadily grown as the volume of spam has escalated.

Along with the data threats mentioned so far, there are physical ones too, endangering the integrity and availability of information. Those threats, as presented by Mark Michael [12], can be to any part of the physical support structure of information:
- storage media and transmission media, which hold the representation of information as ones and zeroes;
- machines (including their software) that can read, write, send, or receive information;
- supporting documentation, which may, for instance, hold crucial instructions or reveal passwords;
- utilities: electrical power, communication services, and water (for air conditioning and fire suppression);
- buildings and the controlled environment they provide;
- humans and the knowledge they possess to run the system.

Physical threats can occur anywhere an organization’s information resources reside. The ubiquity of mobile computing and the ease with which storage media can be transported pose challenges unlike those faced by, for example, a bank guarding its money. Even when machines and media remain secured, human knowledge is a mobile resource at risk.

The user problem in security systems is not just about user interfaces or system interaction. Fundamentally, it is about how people think of risk, which guides their behavior. There are basic principles of human behavior that govern how users think about security in everyday situations and shed light on why they undermine security by accident [13]. Human decision making has been a topic of study in the social sciences, from economics to psychology, for over a century. People tend to believe they are less vulnerable to risks than others, and many behave as if they were the smartest people in the world and nothing could get them. But they are wrong: there will be some mistake in the way they acted, and somebody a little smarter than them, and finally they will be caught.

3. MEANS OF PROTECTION

There are many attacks carried out either by employees or by other people, known as insiders and outsiders. That is why organizations have to be prepared to deal with both the disgruntled employees and their attacks. The attacks that we have presented earlier are only some of them; there are many more, powerful, complex, and new.

Many employees in today’s workforce are not aware that they play an important role in their organization’s security. They engage in risky behavior on the Internet, open unsolicited e-mail attachments, carelessly divulge proprietary information, introduce wireless risks to corporate networks, and neglect to consider security in their daily routines – all activities that could put sensitive company information at risk.

1. Discover & Assess Risk – Know what is in your environment – what assets and what vulnerabilities – and know where your most critical risks lie. Network and agent-based scanning, plus assessment, provide the depth and breadth of information needed to make the right decisions.

2. Establish & Enforce Policy – Policies are only as good as the paper they are written on unless there are ways to enforce them. Whitelisting capabilities ensure that only authorized applications can execute and only authorized removable devices can be accessed on specific endpoints by specific users. Having the ability to set policies that enable flexibility is key – some policies are only appropriate for some users or departments and not others.

3. Fix Open Vulnerabilities – Many research studies and analyst firms have stated that the majority of risk – more than 90 percent – comes from known vulnerabilities. These vulnerabilities are in operating systems, applications, web browsers, and virtualized platforms. If you can stay on top of the vulnerabilities that are critical to your organization, then you can mitigate a lot of the risk of outside attackers targeting insiders.

4. Control and Monitor Devices – Removable devices are widely used among individuals. People tend to use both personal and organizational devices to copy data. It’s what Gartner calls “the consumerization of IT.” While many of these devices provide benefits that enable a more productive workforce, they also must be managed because of their storage capacity and the ease with which data can be moved on and off them. It is imperative to employ systems and practices that enforce which devices are authorized, by which users and on which machines. Also necessary is the ability to track what information is being moved on or off these devices.

5. Audit – Having visibility into what your users are doing, what data is being moved and what applications and vulnerabilities are in your environment is very important from an audit readiness perspective. High-level and low-level auditing capabilities provide the necessary insight into the effectiveness of your policies and enforcement capabilities.

Any security measure that is taken against insider threats should be accompanied by employees’ awareness of what it means to be threatened, attacked or fired based on their actions. Policies should be respected by everybody and not broken. Periodically there should be training sessions to ensure that employees know their responsibilities and limits, physical and information security, the consequences of their actions, and the use of existing technology for the welfare of the organization.

For organizations it is very important to use the most powerful software together with other means of protection against any kind of threat. A single solution for preventing damage to information and systems is not enough, as attacks are becoming more and more complex, involving different information technologies and people.
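
The device policy of measures 2 and 4 above and the audit of measure 5, as an added example that is not part of the original paper: a default-deny allowlist keyed by device, user and endpoint, evaluated over a log of transfer events. The device serials, host names, event fields and the 500 MB write limit are constructed assumptions, not taken from any product.

```python
"""Default-deny removable-device policy with a transfer audit (constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    device_serial: str      # serial number of an approved device
    user: str               # the one user allowed to use it
    endpoint_pattern: str   # host name or glob of endpoints it may be used on
    allow_write: bool       # may data be copied from the endpoint to the device?


@dataclass(frozen=True)
class TransferEvent:
    user: str
    endpoint: str
    device_serial: str
    direction: str          # "write" = endpoint -> device, "read" = device -> endpoint
    path: str
    size_bytes: int


@dataclass(frozen=True)
class Finding:
    kind: str
    user: str
    detail: str


def decide(rules, event):
    """Return "allow", "deny-read-only" or "deny-unlisted"; no matching rule means deny."""
    if event.direction not in ("read", "write"):
        raise ValueError(f"unknown direction: {event.direction!r}")
    matched = False
    for rule in rules:
        if (rule.device_serial == event.device_serial
                and rule.user == event.user
                and fnmatchcase(event.endpoint, rule.endpoint_pattern)):
            matched = True
            if event.direction == "read" or rule.allow_write:
                return "allow"
    return "deny-read-only" if matched else "deny-unlisted"


def audit(rules, events, write_limit_bytes):
    """List policy violations, then users whose permitted writes exceed the limit."""
    findings = []
    written = defaultdict(int)
    for ev in events:
        verdict = decide(rules, ev)
        if verdict != "allow":
            findings.append(Finding(
                verdict, ev.user,
                f"{ev.direction} {ev.path} on {ev.endpoint} with device {ev.device_serial}"))
        elif ev.direction == "write":
            written[ev.user] += ev.size_bytes
    for user, total in sorted(written.items()):
        if total > write_limit_bytes:
            findings.append(Finding(
                "volume-exceeded", user, f"{total} bytes copied to removable devices"))
    return findings


# Constructed policy: each device is bound to one user and a set of endpoints.
RULES = [
    Rule("SN-A100", "alice", "FIN-*", allow_write=True),
    Rule("SN-B200", "bob", "HR-LAPTOP-07", allow_write=False),
]

# Constructed transfer log.
EVENTS = [
    TransferEvent("alice", "FIN-WS-01", "SN-A100", "write", "Q3_forecast.xlsx", 2_000_000),
    TransferEvent("alice", "FIN-WS-01", "SN-A100", "write", "customers_full.csv", 900_000_000),
    TransferEvent("bob", "HR-LAPTOP-07", "SN-B200", "read", "template.docx", 40_000),
    TransferEvent("bob", "HR-LAPTOP-07", "SN-B200", "write", "payroll.xlsx", 5_000_000),
    TransferEvent("alice", "HR-LAPTOP-07", "SN-A100", "read", "notes.txt", 1_000),
    TransferEvent("carol", "FIN-WS-02", "SN-Z999", "write", "contracts.zip", 70_000_000),
]

WRITE_LIMIT_BYTES = 500_000_000  # assumed per-user limit for the audited period

if __name__ == "__main__":
    for finding in audit(RULES, EVENTS, WRITE_LIMIT_BYTES):
        print(f"{finding.kind:16} {finding.user:6} {finding.detail}")
```

The last finding shows why the audit is needed beside the allowlist: every one of alice’s writes is permitted by policy, yet the total volume leaving on her device is what a reviewer would want to see.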

A fundamental component in enforcing protection is the access control service, whose task is to control every access to a computer system and its resources and ensure that all authorized, and only authorized, accesses can take place [14]. To this purpose, every management system usually includes an access control service that establishes the kinds of rules that can be stated, through an appropriate specification language, and then enforced by the access control mechanism implementing the service. By using the provided interface, security administrators can specify the access control policy (or policies) that should be obeyed in controlling access to the managed resources.

The security provided by a password system depends on the passwords being kept secret at all times. Thus, a password is vulnerable to compromise whenever it is used, stored, or even known. In a password-based authentication mechanism implemented on a computer system, passwords are vulnerable to compromise because of the following exposure areas of the password system [15]:
- passwords are initially assigned to users when they are enrolled on the system;
- passwords are stored in a “password database” by the system;
- passwords are remembered by users. Because of the limitations of human memory, users often choose weak or easily guessed passwords that can be compromised by attackers;
- passwords are entered into the system by users at authentication time.

Whenever passwords are entered, an attacker could use a keystroke logger, sniffer, or other device to capture the password and replay it later. The key to any security program is the control of information access based on individual rights and responsibilities.

The first line of defense against malicious software includes tools and approaches that prevent these threats from ever executing on a protected computer system.
Because of the growth of the Internet and the connectedness of today’s computer Today’s antivirus software must address numerous points of entry, including e-mail, Web browsers, Internet-enabled services, and shared file systems. Together with this type of software, organizations should also use firewalls, intrusion detection software, virtual private networks with limited access, cryptography, private key infrastructure and any other security software.

Intrusion detection comprises a variety of categories and techniques. The prominent approaches involve determining whether a system has been infected by viruses or other malicious code and applying methods for spotting an intrusion in the network by an attacker. Virus-scanning and infection-prevention techniques are used to address the virus problem, while intrusion detection and response mechanisms target network intrusions [16].

In the past, discussions about the protection of endpoints, such as PCs and laptops, have revolved around anti-virus software. Recently, however, the focus has shifted to policy-based enforcement that offers more complete protection. Policy-based endpoint management should cover configuration management, patch management, access management, application management and even anti-virus applications. As more organizations realize that using perimeter and antivirus technologies alone [17] is like locking their doors but leaving their windows open, it has become evident that enterprises must upgrade their security practices in order to prevent huge data breaches.

The organization should approach the security problem with a comprehensive risk-management strategy that prioritizes information based on its importance and on the regulatory requirements that necessitate its protection. IT staff should know where security should be higher and the ways to ensure that. In order to implement security there should be policies.
Organizations should have strong security for databases, password access, log files and backup files, and policies such as changing passwords when people leave. Internet access should also be restricted, as employees waste time surfing, could download malicious software without knowing, receive dangerous e-mails, or talk to other people and reveal organizational and personal information that should stay confidential. People can be easily fooled, and that is why they have to be monitored and kept under surveillance all the time, especially in big organizations with lots of employees.

Regarding physical security, all desktop machines should be anchored to a desk or, when possible, something more secure. Again, this will not dissuade someone who intends to get a particular desktop, but it makes the desktop machines less attractive to random thieves. Security can be increased for both workstations and laptops by ensuring that files are stored on the file server, and not on the local hard drive. This makes backups easier, and it means that if someone does steal a workstation, there will be very few useful documents on it.

Monitoring other aspects of physical security can also enhance workstation security. Aside from the standard measures taken to secure an organization’s physical premises, senior-level staff should lock their office doors when they are not in the office. This makes it more difficult for even a determined thief to steal a machine. Laptops that are not being taken home should be locked away overnight, either in a filing cabinet or in a secure storage area. The harder they are to get at, the less likely they are to be stolen. Unauthorized access to the network through a workstation is most often accomplished because users don’t lock their workstations. All network operating systems allow users to lock the workstation when they are away. The lock simply prevents anyone from using it while the user is away from the workstation [18].
Ryan West in “The Psychology of Security” [19] states that safety is an abstract concept, as often the pro-security choice has no visible outcome and there is no visible threat. The reward for being more secure is that nothing bad happens. In order to have good security, users should be rewarded for making good security decisions.

Other security measures that should be taken by any organization are: rewarding employees for their hard work so that they are happy; improving awareness of risk and of the consequences of their acts; getting feedback from employees regarding security needs; and periodic training for employees explaining what their responsibilities are and the consequences of their wrongdoings.

The first step in assuring good security is having trustworthy employees. That is why it is important to check people before employing them. Surveillance during their work schedule is needed to make them aware that they have to do just their duties and nothing more. IT administrators should control access to the resources, maintain databases, train the employees, make information security policies, monitor any suspicious activity and always be alert, as new threats like viruses and Trojan horses appear every day and new attacks can be launched either from outside or inside the organization [20]. Not only people should be watched, but also the activities done on computers and the programs that are running on them. Each employee should keep very clearly in mind their responsibilities, the dangers and the consequences of their actions.

4. CONCLUSIONS

We have seen that there are a lot of electronic attacks coming from insiders. Every type of attack has its own measures of prevention and security, on the part of both the employee and the employer. Software and measures for protection and security against the attacks have to be used together; one alone will not do the job, and the network will not be protected.
Organizations have to mix together resources like employees, hardware, software, surveillance devices and so on. Information is a resource that is integral to the success of any organization. But if the information is not protected then you are essentially gambling with your business – and this can cause devastating consequences.

As Susan Landau says, “solutions for computer privacy and security are not mathematical theorems but instead lie in the complexity of human behavior” [21], and we have to agree with her, because people are both the brightest and the most dangerous, as facts have proven over time. Protecting the privacy and security of information, computers, networks, and people is a great challenge for any organization.

Information security, for the most part, is still often regarded as a technology issue to be left to the IT department. To be effective, security must become part of every employee’s job. Awareness of electronic dangers is very important, and that is why organizations should periodically train their employees, telling them their responsibilities, the key points of information security and, of course, the consequences of their actions. Unfortunately, organizations are leaving themselves open to security breaches because their information security awareness training is inadequate. Teaching employees about security isn’t an easy task. The real key to keeping information secure is managing the behavior of end users and changing the corporate culture.

References

[1] Maybury, M., Chase, P., Cheikes, B., Brackney, D., Matzner, S., Hetherington, T., et al., Analysis and Detection of Malicious Insiders, Submitted to 2005 International Conference on Intelligence Analysis, McLean, VA, https://analysis.mitre.org/proceedings/Final_Papers_Files/280_Camera_Ready_Paper.pdf, accessed 9.06.2009
[2] Rogers, M., Internal Security Threats, in Bidgoli, H. (ed.), Handbook of Information Security, Wiley, 2006, p. 3
[3] Pfleeger, C., Reflections on the Insider Threat, in Stolfo, S., Bellovin, S., Hershkop, S., Keromytis, A., Sinclair, S., Smith, S., Insider Attack and Cyber Security. Beyond the Hacker, Springer, 2008, p. 5
[4] http://www.cert.org
[5] Kowalski, E., Capelli, D., Moore, A., Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector, January 2008, Carnegie Mellon Software Engineering Institute, www.cert.org/archive/pdf/insiderthreat_it2008.pdf
[6] Lumension, New Insider Threat Emerges in the New Economy, January 2009, http://www.itsecurity.com/whitepaper/new-insider-threat-lumenision/
[7] Rogers, M., Internal Security Threats, in Bidgoli, H. (ed.), Handbook of Information Security. Threats, Vulnerabilities, Prevention, Detection, and Management, Vol. 3, John Wiley & Sons, 2006, p. 3
[8] Chen, T., David, C., An Overview of Electronic Attacks, in Kanellis, P., Kiountouzis, E., Kolokotronis, N., Martakos, D., Digital Crime and Forensic Science in Cyberspace, Idea Group Publishing, 2006, p. 3
[9] Littlejohn Shinder, D., Scene of the Cybercrime. Computer Forensics Handbook, Syngress, 2002, p. 315-316
[10] US-CERT, Understanding Denial-of-Service Attacks, Carnegie Mellon University, 2004, http://www.us-cert.gov/cas/tips/ST04-015.html, accessed 22.06.2009
[11] McDermott, J., Social Engineering - The Weakest Link in Information Security, 7 September 2005, http://www.windowsecurity.com/whitepapers/Social-EngineeringThe-Weakest-Link.html
[12] Michael, M., Physical Security Threats, in Bidgoli, H. (ed.), Handbook of Information Security. Threats, Vulnerabilities, Prevention, Detection, and Management, Vol. 3, Wiley, 2006, p. 18
[13] West, R., The Psychology of Security, Communications of the ACM, Vol. 51, No. 4, April 2008, p. 34
[14] De Capitani di Vimercati, S., Paraboschi, S., Samarati, P., Access Control: Principles and Solutions, in Bidgoli, H. (ed.), Handbook of Information Security. Threats, Vulnerabilities, Prevention, Detection, and Management, Vol. 3, Wiley, 2006, p. 406
[15] Rasmussen, J., Password Authentication, in Bidgoli, H. (ed.), Handbook of Information Security. Threats, Vulnerabilities, Prevention, Detection, and Management, Vol. 3, Wiley, 2006, p. 406
[16] Cole, E., Krutz, R., Conley, J., Network Security Bible, Wiley Publishing, 2005, p. 567
[17] Chickowski, E., Is Your Information Really Safe, 20.03.2009, http://www.baselinemag.com/c/a/Security/Is-Your-Information-Really-Safe-351822/1/, accessed 25.06.2009
[18] Liska, A., The Practice of Network Security: Deployment Strategies for Production Environments, Prentice Hall, 2002
[19] West, R., The Psychology of Security, Communications of the ACM, Vol. 51, No. 4, April 2008, p. 37
[20] Oprea, D., Protectia si securitatea informatiilor, 2nd edition, Polirom, 2007
[21] Landau, S., Privacy and Security. A Multidimensional Problem, Communications of the ACM, Vol. 51, No. 11, November 2008