Employee profiling: A proactive defense against insider threats: "They might seem like normal employees, working away quietly like everybody else. But they're not. They're criminal insiders, using their privileged positions inside companies everywhere to access and steal confidential data or cause mayhem on the company's IT systems.

How can organizations protect themselves against these miscreants? How can enterprises weed out, let alone find, malicious insiders in their midst?

One way might be to build a profile of corporate turncoats. Once singled out, they can be scrutinized more closely than other employees. However, before starting an employee profiling program, there are three key questions to ask: What is the profile of a criminal insider? Is it legal or appropriate to single out suspected thieves? Is there a clever technical solution -- such as identity and access management -- to stop corporate sabotage without the fuss and hazards of profiling?

Building the employee profiling model
A profile of criminal insiders does exist. Carnegie Mellon's Computer Emergency Readiness Team (CERT) issued its first Insider Threat Study in 2002 (.pdf). Since then, CERT has updated the work annually in conjunction with the U.S. Secret Service. Their work has become the foundation for profiling potential computer criminals inside companies and organizations.

The CERT study focuses on three types of insider crimes: fraud, information theft and sabotage. The study says the profile of the typical insider crook is different for each crime. Those committing fraud tend to be current employees, evenly divided between males and females and mostly not in technical or management positions. Those who stole information, on the other hand, were overwhelmingly male employees in technical positions."

(Read Original Article.)