An ISO 3103:1980 compliant podcast that explores the issues with tackling the insider threat and its impact on the key business functions and information security program of organizations

13 November

Intro

Welcome back! This is episode 26 of The Insider Threat podcast, for the week of November 13th, 2017.

If you’re listening to this on Monday, I want to say Happy Veterans Day to all our veterans out there. I’ve made it a point not to be political at all on this show, so I won’t go down that route. No matter where you stand, I hope you can find it in your heart to be thankful for a person who has sacrificed a portion or the entirety of their life in service to their nation and everyone in it.

I don’t have any specific announcements for this week, so...

Infosec Question of the Week

It's time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was "In 1964, John G. Kemeny and Thomas E. Kurtz designed the original BASIC programming language. Where were they when they did this?"

The answer was "Dartmouth College".

I don’t remember what BASIC was like, but I remember QBASIC, which was invented by Bill Gates to be a simplified version of BASIC.

Congratulations to: Eusebio from Pasadena, Lynette from Salinas, Walt from Indiana, and Alan from Aldergrove for getting the correct answer.

Here's your question for this week: "In 1984, David Ruderman and Eric Corley launched a periodical named after a specific tone that could get early phone phreakers into operator mode on telephone systems. What is the name of this periodical?"

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "HOPE".

Discussion Topic for the Week

This week’s discussion topic is User Awareness Training.

- What is user awareness training?

- Awareness is…

- Training is…

- What does awareness training look like?

- Types of training (in person, virtual)

- In person (slides and presentation, roleplaying)

- Virtual (distributed learning environment, video, test or quiz)

- How often should training happen?

- Compliance vs. security

- Several companies offering training solutions now, including NINJIO, Wombat, KnowBe4

- Shout out to habitu8, NINJIO, Curriculum for being awesome on LinkedIn

- Just like every other type of training, it doesn’t have to be expensive to be effective

- Tell story of daily infosec question at login

- How do we measure effectiveness of training? (open your ears, look for reports)

- What type of training do you do at your organization?

- If you were king for a day, and some of you are, what would you change?

News

A Minnesota man paid people to DDoS his former employer for over a year

https://www.hackread.com/cyberhitmen-hired-for-ddos-attacks-against-ex-employer/

- John Gammell charged with paying for sustained DDoS attack against former employer for over a year

- Cost the company, Washburn Computer Group (company that repairs point of sale systems), approximately $15,000

- Paid between $19.99 and $199.99 per month

- Also paid for DDoS against Hennepin County, Minnesota Judicial Branch, and some banks.

- Mr. Gammell was caught because he sent some taunting emails to his former employer using accounts that were created from his house and accessed by his phone

- Important point: DDoS and other similar services are cheap now

- How we treat other people could have a big impact on how they treat us

Thought of the Week Segment

Our thought of the week comes from my pick for best lightsaber duelist in the Star Wars universe, Master Yoda. He said, "Do or do not. There is no ‘try’."

Outro

Thank you for listening to episode 26 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on Twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I'll see you folks next time!