Preferential Trade Agreements (PTAs) Effect on Exchange Rate

prejudiced betray Agreements (PTAs) Effect on mass meeting RateBrent J. SackettReferee Report 3 Copelovitch, M. S., Pevehouse, J. C. (2013). Ties that Bind? Preferential business deal Agreements and Exchange Rate Policy Choice. external Studies Quarterly, 57(2) 385-399SummaryThis subject assesses the effect of preferential administer agreements (PTAs) on permute set out policies. When a country unites a PTA, the g all overnments ability to employ peck protection is constrained. This increases incentives to maintain fiscal and monetary autonomy in identify to manipulate its domestic political economy. atomic number 53 way to do this is by implementing a flexible exchange come in indemnity. The authors argue that a PTA with a nations al-Qaida country (the country to whom they hold tradition every last(predicate)y fixed their currency, or a country where they have extensive switch over ties), makes a country less likely to adopt a fixed exchange rate. In addition, this wallpaper argues that countries who have signed a base PTA exit also tend to maintain an undervalued exchange rate level. utilise an original data set of 99 countries from 1975 to 2004, the authors find empirical withstand for their argument.EvaluationMy overall impression of this article is positive. In particular, I would prescribe this article will be excellent after a some methodological problems ar constituteed. The paper clearly identifies a research move and provides an important insight that expands our understanding of exchange rate constitution. still, I will present some comments and recommendations for improvement.Comment 1 ( opening and Causal Mechanism)In general, the guess and hypotheses are clearly presented and easy to understand. However, one part of the theoretical combine between PTAs and exchange rate policy is missing and should be discussed to a greater extent perfect(a)ly. This whitethorn simply be a matter of terminology, or it whitethorn s ignalise a missing link in the causative chain. The authors cast that PTAs generally commit members to more extensive clear raft (2). This work outms to indicate the causal chemical apparatus behind the story PTAs tie the hands of governments who trust to employ trade protection, so they resort to exchange rate policy instead of tariffs or some protestent means.However, PTAs are not all the equal in the way they constrain behavior get wording trade protection (Baccini, Dr, Elsig Milewicz, 2011, Kucik, 2012). While the authors note substantial cross-national magnetic declination in PTA participation, the word of honor of mutation in the PTAs themselves is inadequate. PTAs are not homogenous and in reality vary substantially. Baccini et al. and Kucik some(prenominal) explain that renewing in PTA design and implementation goes far beyond simple free-trade protections to include intellectual property, investments, enforcement, and charge signifi tail endtly differin g tariff levels and exemptions. Is the papers theory based on free-trade commitments generally or PTAs specifically? In footnote 9 on page 4, the authors state that GATT/WTO social station had no influence on exchange rate plectron even though in theory it should constrain trade policy choice in the same way a PTA does. This leads to some confusion almost the causal mechanism that indigences to be clarified.What on the nose is the causal mechanism within PTA participation and wherefore does it fail in other commitments to free trade? In addition, I would like to know if the large variation in PTA design do the causal mechanism. These questions need to be answered to straighten out the argument.I have a second concern regarding the assumptions behind the theory. For the causal mechanism to work, the nation must feel pressure to comply with trade restrictions in the PTA. Otherwise, there is no incentive to use exchange rate policy to circumvent the PTA. However, others research has shown that compliance with international agreements is not square(a) and the intention to comply cannot be assumed (Simmons, 1998). Some nations may join PTAs with no intention to comply at all. Others may sign a PTA because they already intended to behave in accordance with the free trade commitments anyway. In either case, the causal mechanism of the paper is undermined. If Simmons and others are correct, a PTA may not provide the restraint the authors assume it does. Although a thorough discussion of compliance is not necessary, I would like to externalise it mentioned at least briefly. Both of these comments lead to some concerns nearly the data.Comment 2 (Data)I have two comments regarding the data. The first is a concern about potential measurement errors that follows from my questions about the causal mechanism. The primary explanatory inconstant BasePTA uses the PTA dataset based on Mansfield et al. (2007). However, the data include significant heterogeneity in the likely causal mechanism (free trade commitments) that is not measured properly. Kucik notes that At one end of the design spectrum, roughly 25% of all PTAs sacrifice their members full discretion over the use of escape clauses, imposing actually few if any regulations relating to the enforcement of the contracts flexibility system. At the other end, no less than 27% of PTAs place strict limits on (or whole forbid) the use of flexibility (2012, 97). If this is true, a highly flexible PTA may actually be similar to an observation without a PTA at all. A more refined measurement of the causal mechanism than simple PTA participation may be needed.My second concern regarding the data is related to selection effects. Countries do not join PTAs randomly. For example, democracies are more likely to participate in PTAs (Mansfield, Milner, and Rosendorff, 2002). In addition, there may be other unobserved reasons that singular countries decide to enter into PTAs especially with their base country. I would like to see a more incidented discussion regarding selection effects and mayhap some statistical method to test for it such as a Heckman model.Comment 3 (Methodology)Two problems with endogeneity in the models need to be address. One of the primary dependent changeables, Undervaluation, is calculated using gross domestic product per capita (5) to control for the fact that non-tradable goods tend to be cheaper in poorer countries. This is problematic when GDP per capita is also utilise as an explanatory variable in models 3 and 4 as shown in Table 4. A model using the same variable on both sides of the equation potentially causes problems.This is especially problematic considering the limitations of the other variable capturing the concept of undervaluation REER. According to the authors, REER fails to beguile the concept at all REER does not actually indicate whether a currency is over- or undervalued (5). It lonesome(prenominal) measures changes in the excha nge rate relative to the baseline year. The variable Undervaluation was added to correct this shortcoming, but is hampered by endogeneity. The combination of these two factors may be why the findings about exchange rate levels are not definitive.Another pulp of endogeneity sneaks into the authors model. Beaulieu, Cox, Saiegh (2012) illustrate that GDP per capita and regime types are endogenous. High levels of GDP per capita may simply be an indication of long term elective government. When both variables are include in models predicting exchange rate policy, the resulting coefficients may be incorrect. The models reported in Tables 2 4 include both GDP per capita (log) as well as democracy (POLITY2) and result in irreconcilable levels of statistical significance for both variables. This endogeneity should be addressed using a proxy or other methods.I also have a minor concern with omitted variable bias. Bernhard, et al. (2002) emphasize that Exchange rate policy and Central Ban k Independence (CBI) cannot be studied in isolation. They have potentially overlapping effects and measurements of both need to be included in a model explaining monetary policy. I recommend incorporating an supererogatory variable that measures CBI.My final concern with methodology has to do with the operationalization of the concept of democratic institutions. The authors briefly note that domestic political institutions influence exchange rate policy. Specifically, the constitution of the electoral process and interest host influence can result in variations in exchange rate policy (for example, Moore Mukherjee 2006 Mukherjee, Bagozzi, and Joo 2014). In addition, Bearce (2014) shows that democracies manipulate exchange rate policy to appease domestic groups without regard to PTAs. To control for this, the authors use the Polity2 variable and two export composition variables. However the composite measurement of democracy fails to account for the variation in political institu tions (such as parliamentary systems) that have been found causal in influencing exchange rate policy. In addition, the variables Mfg Exports and Ag Exports fail to account for an interest groups ability to influence policy. To fully control for democratic institutions, the authors need to identify the relevant democratic institutions and use a variable to capture those institutions. The Polity2 composite is inadequate.Comment 4 (Discussion and Implications)My first comment about the discussion is positive. I think the model extension to capture the interaction effects between BasePTA and Base Trade is excellent and insightful. In particular, Figure 1 is very well done and clearly illustrates this effect. However, the rest of the discussion of the findings is overshadowed by the data and methodological problems. In particular, the comment about the noisy (12) nature of the findings regarding exchange rate levels seems like a cop-out. I would rather see the methodology strengthened i nstead of excuses (although to be fair, exchange rate levels are indeed noisy).Smaller issuesThe general structure of the paper is solid and the committal to writing is clear, but I have some comments regarding minor issues that could improve the meet of this paper.Comment 1 (Primary Dependent Variable discussion)I am interested by the comment that the potential measurements of the dependent variable (Exchange Rate regimen) differ in methodology and yield quite different classifications across countries and over time (5). This caused a red flag and left me concerned initially. valid and reliable measurement of this variable is essential to properly test the hypothesis. I recommend rewording this and explaining more simply from the start why this variation exists and why it does not threaten the model.Comment 2 (Inflation Variable discussion)The swelling variable (6) uses two sources to account for missing observations (World Bank and IMF). I am concerned that the measurement me thodology may not be exactly the same and could introduce bias when the observations are combined. A brief disapprobation or two covering the compatibility between the two sources would eliminate this concern.passport to the editorRevisions required This paper will make a hygienic contribution to the literature with some revisions. My biggest concern has to do with the causal mechanism and how the concept is captured in the primary explanatory variable. Explaining this in more detail and addressing the other issues will make this paper ready for publication.ReferencesBeaulieu, E., Cox, G. and Saiegh, S. (2012). Sovereign Debt and Regime Type Reconsidering the Democratic Advantage. International Organization, 66(04) 709-738Baccini, Leonardo, Andreas Dr, Manfred Elsig and Karolina Milewicz (2011). The Design of Preferential Trade Agreements A New Dataset in the Making, WTO Staff Working radical ERSD-2011-10Bearce, David (2014). A Political Explanation for Exchange-Rate Regime Gaps. The Journal of authorities, 76(1) 5872Bernhard, William, J. Lawrence Broz, and William Roberts Clark (2002). The Political Economy of Monetary Institutions. International Organization, 5 693-723J Lawrence Broz and curing Werfel (2014). Exchange Rates and Industry Demands for Trade Protection. International Organization, 68(02)393416Kucik, Jeffrey (2012). The Domestic Politics of Institutional Design Producer Preferences over Trade Agreement Rules. economics Politics 24(2)95118Mansfield, Edward, Helen Milner, and Jon Pevehouse. (2007). Vetoing Co-operation The Impact of Veto Players on Preferential Trade Agreements. British Journal of Political Science 37 403432.Mansfield, Edward, Helen Milner, and Peter Rosendorff (2002). wherefore Democracies Cooperate More Electoral Control and International Trade Agreements International Organization, 56(3) 477-513Moore, Will and Bumba Mukherjee (2006). Coalition Government Formation and Foreign Exchange Markets Theory and Evidence from Euro pe. International Studies Quarterly, 50(1)93118Mukherjee, Bumba, Benjamin Bagozzi, and Minhyung Joo (2014). Foreign Currency Liabilities, ships company Systems and Exchange Rate Overvaluation. IPES Conference Paper 144Simmons, Beth (1998) deference with International Agreements. Annual Review of Political Science 175-93

Terrorism And Globalization

act of act of act of terrorism And GlobalizationDefining act of act of terrorismThe terrorist phenomenon has a yearn and varied history, punctuated by lively debates over the meaning of the term. The term itself has un hold backingly been a troublesome integrity to define. This is partly because the term has evolved over the days and in part because it is associated with an activity that is designed to be subjective. Generally accosting, the targets of the terrorists be non the victims who be killed or injured in the attack. The terrorists hope to aim a re implement ofttimes(prenominal) as fear, repulsion, intimidation, overreaction, or al-Qaidaization. Terrorism is mean to be a matter of perception and is thus seen dis quasi(prenominal)ly by different observers.The problem of defining terrorism has hindered analysis since the inception of studies of terrorism in the earlier mid-seventies. One arrange of problems is due to the fact that the belief of terro rism is deeply contested. The use of the term is often polemical and rhetorical. stock-still if the term is use objectively as an analytical tool, it is still difficult to arrive at a satisfactory definition that distinguishes terrorism from different violent phenomena. Generally speaking, terrorism is deliberate and schemaatic violence performed by piffling heels of put up, whereas communal violence is spontaneous, sporadic, and requires mass participation. The purpose of terrorism is to intimidate a watching habitual audience by harming except when a few, whereas genocide is the elimination of entire communities. Terrorism is meant to hurt. Terrorism is preeminently policy-making and symbolic, where as guerrilla warf ar is a military activity. repressive terror from above is the action of those in tycoon, whereas terrorism is electrical resistance to authority. nevertheless in practice, even outts green goddessnot incessantly be precisely categorized.A few supe rior generalizations go offister be made virtually terrorism that differentiates it from the articulates use of force. First, terrorism almodal values has a political nature. It requires the occurrence of outrageous acts that will lead to political change.Second, it is the nonstate character of terrorism that differentiates it from the many other uses of violence that ar inherently political such as war among states-even when terrorists receive military, political, economic, and other bureau of support from state sources. States obviously employ force for political ends When state force is used externally, it is con locatingred an act of war when it is used domestically, it is called various things, including fairness enforcement, state terror, oppression, or civil war. Although states can terrorize, they are not specify as terrorists.Third, it is broadly speaking the innocent that break down the target of terrorism. This besides distinguishes it from state. In any given example, the latter may or may not be seen as justified but this use of force is different from terrorism.Finally, state use of force is subject to supra content norms and conventions that may be invoked or at least consulted. Terrorists, on the other hand, do not abide by universewide laws or norms. In fact, in exhibition to maximize the psychological effect of an attack, the terrorist activities make a deliberately unorthodox quality.Thus, generally speaking, terrorism can be give tongue to to cede the next characteristics a fundamentally political nature, the surprise element (use of violence against obviously random targets), and the targeting of the innocent by nonstate actors.Even at bottom the terms of these general characteristics, the practice of terrorism is highly divers(a). The idealual category of terrorism encompasses a wide variety of phenomena, ranging from kidnappings of individuals (in order to pressure governments to agree to specific political deman ds) to indiscriminate mass-casualty flunkings of high-profile symbolic targets. Terrorism occurs in widely different ethnic backdrops.OriginsTerrorism is as old as human history. Modern terrorism, however, is generally considered to spend a penny originated with the French Revolution. The term terror was front employed in 1795, when it was coined to refer to a policy systemically used to protect the French state government against counterrevolutionaries. Modern terrorism is a dynamic concept, from the outset pendent to some degree on the political and historical context within which it has been employed.Although individual terrorist groups view as unique characteristics and arise in specific topical anesthetic contexts, an examination of broad historical patterns reveals that the world-wideist system within which such groups are born does influence their nature and wants. A distinguishing feature of recent terrorism has been the connection amid political or ideological concepts and change magnitude levels of terrorist activity foreignly. The broadpolitical aim has been against (1) empires, (2) colonial powers, and (3) the U.S.- led outside(a) system marked by orchisalisation. Thus it is important to understand the general history of novelistic terrorism and where the current threat is within an international context.David Rapoport has described modern terrorism as part of a sacredly inspired fourth curl up. This wave, according to him, follows three anterior historical word forms in which terrorism emerged in relation to the breakup of empires, decolonization, and leftist anti- horse operaism. Rapoport argues that terrorism occurs in consecutive if somewhat overlapping waves. The argument here, however, is that modern terrorism has been a power struggle a dour various scales central power versus topical anaesthetic power, big power versus small power, modern power versus traditional power. The draw variable is a widespread perceptio n of hazard, combined with a severance in a particular political or ideological paradigm. Thus, even though the saucyest international terrorist threat, emanating largely from Muslim countries, has to a greater consummation of ghost homogeneous inspiration, it is to a greater extent(prenominal) accurate to see it as part of a larger phenomenon of anti- world-wideization and accent amidst the have and have-not nations, as well as between the elite and underprivileged within those nations.In the ordinal century, the emergence of concepts such as universal suffrage and popular empowerment raised the hopes of people throughout the western world, indirectly resulting in the first phase of modern terrorism. In Russia, for example, it was stimulated not by state repression but by the efforts of the czars to placate demands for economic and political reforms, and the inevitable disappointment of popular expectations that were raised as a result. The goal of terrorists was to enga ge in attacks on symbolic targets to get the attention of the common people and thus provoke a popular response that would ultimately overturn the prevailing political order. This reference of modern terrorism was reflected in the activities of groups such as the Russian Narodnaya Volya (Peoples Will) and later in the development of a series of lawsuits in the United States and Europe, especially in territories of the motive poove Empire.The dissolution of empires and the search for a youthful distribution of political power provided an opportunity for terrorism in the nineteenth and twentieth century. It climaxed in the assassination of Archduke Franz Ferdinand on June 28, 1914, an event that catalyzed the major powers into pickings violent action. World War I, the result of the assassination can be said to have ended the first era of modern terrorism. scarcely terrorism tied to popular movements seeking greater democratic government agency and political power from coerciv e empires had not ceased. For example, the Balkans, after the downfall of the former state of Yugoslavia.A second, related phase of modern terrorism is associated with the concept of national self-determination. It can be said to have developed its greatest predominance after World War I. It also delays to the present day. These struggles for power are another facet of terrorism against larger political powers and are specifically designed to win political independence or autonomy.Terrorism achieved an international character during the seventies and mid-eighties, evolving in part as a result of technological advances and partly in reaction to the dramatic flare-up of international media influence. world(prenominal) colligate were not idea, but their centrality was. Individual, scattered national causes began to develop into international organizations with links and activities increasingly across borders and among differing causes. The 1970s and 1980s represented the height of state-sponsored terrorism. Sometimes the lowest common denominator among the groups was the concept against which they were reacting-for example, westward imperialism- rather than the specific goals they desire. The close important innovation, however, was the increasing commonality of international connections among the groups. After the 1972 Munich Olympics massacre of eleven Israeli athletes, for example, the Palestinian Liberation establishment (PLO) and its associated groups captured the imaginations of young radicals most the world.AN EARLIER WAVE OF TERRORISMWhile globalisation is for many a causal variable generating wince and resistance, in that location also have been ahead waves of globalization. If terrorism and globalization appear together today, it is practicable that terrorism and globalization co-appeared during an front period that ran from the 1880s to 1914. Associated with the idea of propaganda by deed, Russian, Italian, Spanish, French, the States n, Serbian, and Macedonian terrorists were involved in a period of assassination and bomb throwing from the Russian and Ottoman Empires to the east through the Austrian Empire and Western Europe to the United States in the west. In Serbia, thither was the Black egest in Russia, Narodnaya Volya, or Peoples Will among Slovenes, Croats, and Serbs, the Young Bosnians and the Narodna Obrana, or the Peoples Defense. Terrorists from one surface area also killed people from another. While the contemporary period is k presentlyn as one of international terrorism, in that location are open air grounds for considering the nihilist period as one that also had international or global aspects.Some scholars have made comparisons between figures like bin ladle and late 19th-century Russian terrorists. Similarities in the political religion of their ideologies, the diasporic-or transnational-nature of both sets of terrorists who often resided and planned attacks abroad, and the similarity of g lobal political economic conditions at the end of the 19th and 20th centuries have been noted. If al-Qaeda is a reaction to American empire, as few scholars argue, then one could see earlier terrorist resistance in the form of pre-1914 terrorist groups attacking the empires of their day (the Serbian Black snuff it versus the Austrian Empire Inner Macedonian Revolutionary Organization versus the Ottoman Empire and the terrorists of Narodnaya Volya versus the Tsarist Russian Empire). In the case of fundamentalist Islamic terrorism, a comparison with the Sudanese revolt of the Mahdi in the 1880s against the British Empire and bin load against the United States has been made. Some note a similarity between the plague of London as the financial boil down of world capitalism at the end of the 19th century and the hatred by fanatical Muslims today of the dominance of Wall Street and the Pentagon.Since the kinfolk 11 attacks, the world has witnessed the maturation of a in the altoget her phase of terrorist activity, the jehad era, spawned by the Iranian Revolution of 1979 as well as the Soviet defeat in Afghanistan shortly thereafter. The powerful attraction of religious and apparitional movements has overshadowed the nationalist or leftist radical ethos of earlier terrorist phases (though many of those struggles continue), and it has wrench the central characteristic of a suppuration international hack.Religious terrorism is not recent rather it is a continuation of an ongoing modern power struggle between those with power and those without it. What is different about this phase is the urgent requirement for solutions that deal both with the religious fanatics who are the terrorists and the far more politically motivated states, entities, and people who would support them because they feel uneffective and left behind in a globalizing world. Thus if there is a trend in terrorism, it is the public of a two-level challenge the hyper religious motivation of small groups of terrorists and the much broader enabling environment of bad governance, nonexistent well-disposed services, and poverty that punctuates much of the developing world. Al-Qaeda, a band driven by religious extremism, is able to do so much harm because of the subaltern support and sanctuary it receives in vast areas that have not undergo the political and economic benefits of globalization.There are four types of terrorist organizations that can said to be currently operating around the world, categorized of importly by their source of motivation left-wing terrorists, right-wing terrorists, ethno nationalist/separatist terrorists, and religious or sacred terrorists. All four types have enjoyed periods of relative bump in the modern era, with left-wing terrorism intertwined with the Communist movement, right-wing terrorism drawing its inspiration from Fascism, and the bulk of ethno nationalist/separatist terrorism serial the wave of decolonization especially in t he immediate post-World War II years. Currently, sacred terrorism is becoming more significant. Although groups in all categories continue to exist today, left-wing and right-wing terrorist groups were more numerous in earlier decades. Of course, these categories are not perfect, as many groups have a cockle of motivating ideologies-some ethno nationalist groups, for example, have religious characteristics or agendas-but usually one ideology or motivation dominates.NEW TERRORISMFollowing incidents such as the assail of the twin towers in 1993, U.S. embassies in Africa in 1998, and the attacks on the Pentagon and WTC in cc1, the conventional belief of researchers and commentators on terrorism was that the world had entered a unexampled phase since the 1990s that departed dramatically from what had kaput(p) before. It variously was called the new terrorism or spoken of as involving new types of post-cold war terrorists or a new breed of terrorist or new generation of terrorists or terror in the mind of theology or a clash of fundamentalisms or simply a new wave of terrorism. In these analyses terrorism seemed to be changing in some of the following(a) ways.Several recent works focus on a new terrorism that is motivated by religious belief and is more fanatical, deadly, and permeative than the older and more instrumental forms of terrorism the world had grown change to. This emerging new terrorism is ruling to differ from the old terrorism in terms of goals, methods, and organization. The comparison goes roughly as follows.Whereas the old terrorists sought short-term political power through revolution, national liberation, or secession, the new terrorists seek to transform the world. Motivated by religious imperatives, they are thought to lack an earthly constituency and thus to feel accountable only to a deity or to some transcendental or mystical idea. stuffy left-right ideological distinctions are not applicable. Because they do not want popular suppo rt, they are unlikely to claim public credit for their actions. Also, new terrorists are thought to be more inclined to use highly fatal methods in order to destroy an impure world and tot about the apocalypse. The strategies of the old terrorists were discriminating terrorism was a form of communicating a specific message to an audience. In the new terrorism, limitless ends lead to unlimited means. Thus the new terrorists seek to cause high numbers of casualties and are willing to commit felo-de-se or use weapons of mass decease in order to do so.Finally, whereas traditional militants were linked in tight, centralized, structured conspiracies, the organization of the new terrorists is decentralized and diffuse. Adherents are united by common experience or inspiration rather than by direct individualized interaction with other members of the group and its leaders. Institutions and organizations are less important than beliefs. An earlier and more violent historical antecedent of the conception of a new terrorism is anti-Western terrorism originating in the place East that is linked to radical or fundamentalist Islam. This concern dates from the 1980s and terrorism attributed to the Shiite Hezbollah action in Lebanon. Alarm over the emergence of radical Islam (which is a small minority of the Muslim world) was heightened by a combination of factors the resort to suicide bombings in Lebanon and Israel, a general willingness to inflict mass civilian casualties, and anti-Americana and anti-Western targeting patterns. The bombing of the World shift Center in 1993 as well as the bombings of the American embassies in Kenya and Tanzania in 1998 further increased the American disposition of vulnerability.Trends in Modern TerrorismBy the late 1990s, four trends in modern terrorism were becoming apparent an increase in the incidence of religiously motivated attacks, a decrease in the overall number of attacks, an increase in the lethality per attack, and the gr owing targeting of Americans. Statistics show that, even before the kinsfolk 11 attacks, religiously motivated terrorist organizations were becoming more common. The acceleration of this trend has been dramatic According to the RAND-St. Andrews University Chronology of transnational Terrorism, in 1968 none of the identified international terrorist organizations could be classified as religious in 1980, in the wake of the Iranian Revolution, there were 2 (out of 64), and that number had expanded to 25 (out of 58) by 1995.Another important trend relates to terrorist attacks involving U.S. targets. The number of such attacks increased in the 1990s, from a low of 66 in 1994 to a high of 200 in the year 2000. This is a long-established problem U.S. nationals consistently have been the most targeted since 1968. But the portionage of international attacks against U.S. targets or U.S. citizens rose dramatically over the 1990s, from about 20 percent in 1993-95 to almost 50 percent in 200 0.In addition to the evolving motivation and character of terrorist attacks, there has been a notable dispersal in the geography of terrorist acts-a trend that is likely to continue. Although the Middle East continues to be the locus of most terrorist activity, Central and South Asia, the Balkans, and the Transcaucasus have been growing in significance over the past decade. International connections themselves are not new International terrorist organizations inspired by common revolutionary principles date to the early nineteenth century and complex inner ears of funding, arms, and other state support for international terrorist organizations were in place especially in the 1970s and 1980s.Terrorism Becoming GlobalNewer terrorist organizations seemed to have moved away from the earlier model of professionally trained terrorists operating within a hierarchic organization with a central command chain and toward a more loosely coupled form of organization with a less clear organizat ional structure. Similarly, whereas from the 1960s through the 1980s groups more clearly were intimidate nationally (German, Japanese, Italian, Spanish, Irish, Palestinian, and so forth), more recent organizations like al-Qaeda have members from multiple nationalities and organizational sites outside the leaderships country of origin.The identities of terrorist organizations have become more difficult to identify. Terrorist organizations also seem to identify themselves or to claim obligation for specific acts less often, such as the bombing of the U.S. embassies in Africa or the events of September 11, which while purportedly organized by bin Laden and al-Qaeda, never clearly were claimed by that organization. This is in contrast with earlier terrorist organizations, which were much clearer in taking responsibility for their actions and defining who they were, often with elaborate radical political ideologies.Terrorist ideologies have become more religious. What has been called t he new religious terrorism or holy terrorism reflects the increasing prevalence of religion in the ideology of terrorist organizations, with the most notable being Islamic fundamentalism, or political Islam, and also including Christian fundamentalism or the religious sect Aum Shinrikyo, a Japanese terrorist group that released poisonous gas in a Tokyo metro in 1995. There also seems to be an increase in groups with more vague and religious ideologies than earlier radical groups such as the German deprivation Army Faction, the Italian exit Brigades, or the Japanese Red Army.Terrorist violence becomes more indiscriminate. Along with a geographical dispersion of targets, there seems to be a move away from specific targets, for instance as when hundreds of civilian Kenyan and Tanzanian embassy employees and passersby were killed to achieve the objective of bombing the U.S. embassy. The 1993 and 2001 attacks of the WTC were also examples of more indiscriminate targets, as opposed to earlier skyjacking of a national airlines plane in order to attain specific demands or the kidnapping a particular politician.On reflecting upon these changes, many of them suggest the summons of globalization raising the question of whether terrorism, like other economic, cultural, and political aspects of brio also is globalizing. Arguments about a growing dispersion and indiscriminateness of terrorist violence also express a disregard for national boundaries and, as such, a growing global, as opposed to national, character of terrorism.GLOBALIZATION AND TERRORISMSome scholars get word the link between globalization and terrorism in a causal fashion globalization generates a backlash or resistance that can take the form of terrorist attacks on national powers in the forefront of the globalization processes. In this regard, some see terrorism as a defensive, reactionary, movement against global forces of cultural and economic change. Industrialization then and globalization wit hout delay involve integrating into a larger web of economic proceedings that threatens local authority and sense of place. The result is defensive, reactionary mobilization, manifested in European food riots then and Middle Eastern terrorism now. In their article, International Terrorism and the World System, Albert J. Bergesen and Omar Lizardo have formulated a number of theories and bring forth the links between globalization and terrorism.World-System TheoryWhile world-system theorists usually are concerned with questions of development and underdevelopment, they have advanced similar ideas regarding globalization and terrorism. Chase-Dunn and. Boswell in Transnational Social Movements and Democratic Socialist Parties in the Semiperiphery speak of the reactionary force of international terrorism as an anti-systemic element or globalization backlash M,Jurgensmeyer in Terror in the Mind of God The Global Rise of Religious Violence links the disruption of globalization with defe nsive reactions that often take a religious character, and when that reaction is terrorism, it can take the form of fundamentalist Arab-Islamic terrorist organizations.World-Society/Polity TheoryWhile world-society theorists have not addressed the issue of international terrorism directly, they have put down the go along expansion of Western originated cultural models of rationalized action and universal standards during the kindred period that a rise in international terrorism has been observed. To the extent that there is a possible causal relationship, world-society theorys top-down model of the assault of the world-politys global standards, expectations, norms, and definitions of reality also might generate defensive backlash that might, under some circumstances, take the form of international terrorism. It would seem that the harvest-tide in world society provides a generalized empowerment for international action on the basis that social existence is global existence and that social problems are global problems. The expansion of global society should empower action across the globe as a distinctly glob logical effect, which means that individuals in Latin America suffering from the side effects of economic globalization should feel just as globally empowered to engage in international backlash terrorism as those of the Arab-Islamic Middle East. But this does not seem to be the case there is not as much international terrorism emanating from Latin America as from the Middle East, yet both are or should be globally empowered (world-society effect) and angry (globalization creates resistance effect). But the fretfulness seems to be turned inward in Latin America and outward in the Middle East. What accounts for differences of response? Relative openness, democracy, representational institutions, and levels of functioning intermediary social organization may absorb, channel, or somehow provide outlets for the tensions and anger set off by globalization . Their anger is channeled into electoral politics, demonstrations, social move-mints, and domestic terrorism in the more autocratic Arab-Islamic regimes, dissent is suppressed more often, and there are fewer opportunities for its expression within the institutionalized political opportunity structures of those states. As a result, given the same level of global empowerment, the anger is turned outward to take the form of international terrorism more often than in Latin America. There is also no surmise something of a curvilinear effect with linkages to world-society. They empower and, given grievances, would have a positive effect upon contentious acts like international terrorism. But continued linkage into world-society also would seem to have an integrative effect and thereby would dampen terrorism rates, yielding an overall curvilinear relationship between linkages to world-society and rates of international terrorismBlowback TheoryM.Crenshaw in why America? The Globalization of Civil War argues that terrorism should be seen as a strategic reaction to American power, an idea associated with Johnsons blowback thesis. In this view, the presence of empires-both at the end of the last century and today-and the analogous unipolar military position of the United States today provoke resistance in the form of terrorism. Johnson notes that the Russian, Ottoman, and Habsburg Empires-which controlled multiple ethnic, religious, and national peoples-led to a backlash, or blowback, by Serb, Macedonian, and Bosnian terrorist organizations . By analogy the powerful global position of the United States, especially in its role of propping up repressive undemocratic regimes, constitutes something of a similar condition with Arab-Islamic terrorism as a result.The Center for Strategic International Studies (2002) attempts to precisely define globalization, calling it a process of interaction and integration among the people, companies, and governments of different nations , a process driven by international address and investment and aided by information technology.Some aspects of globalization help oneself terrorism. At its basest meaning, globalization means internationalization. Something is taken from a national setting and projected across the world. Certain nations adopt this, others reject it. When most nations do accept it and adopt it, globalization is taking place.A K Cronin in Behind the Curve suggests that terrorism cemented itself as an international phenomenon in the 1970s and 1980s, evolving in part in reaction to the dramatic explosion of international media influence. At this point in time, news media was truly becoming international in scope. Many broadcasting companies maintained correspondents or sister send in other nations, sharing information back and forth. This would lead to the first visions of terrorism for many peoples who had never seen it. Presently, the media can be responsible for perpetuating the clime of internat ional terror.Another aspect to this concept is that the media can be used by terrorists for their purposes. Osama bin Laden released his now-infamous recorded statements employ instruments of globalization. Many have seen video of bin Laden on American media outlets even though it was originally released to regional network Al-Jazeera.International media certainly is not the main byproduct that facilitates terror. Perhaps the main facilitator stemming from globalization is communication theory technologies. There are many devices taken for granted in Western society that changed the way terrorists operate, especially digital communications device. Clansmen fighting Americans in Somalia in the early 1990s used digital phones that could not be tapped. The internet, mobile phones, and trice messaging have given many terrorist groups a truly global reach. Leading up to the September 11 attacks, al-Qaeda operatives used bumpkin e-mail, while the presumed leader made reservations onli ne and other members researched topics such as using crop dusters to release chemical agents Perhaps even more unreassuring is that these technologies can be used to disperse terrorists to different locations yet check mark connected. Cells can stay in touch through internet communications while websites spread ideologies. It is estimated that al-Qaeda operates in over sixty countries now as a result of using technologies inspired by globalizationGlobalization makes CBNR weapons increasingly available to terrorist groups. Information needed to build these weapons has become ubiquitous, especially through the internet. Among the groups interested in acquiring CBNR (besides al-Qaeda) are the PLO, the Red Army Faction, Hezbollah, the Kurdistan Workers Party, German neo-Nazis, and the Chechens.Globalization has enabled terrorist organizations to reach across international borders, in the same way (and often through the same channels) that commerce and argumentation interests are link ed. The dropping of barriers through the North American Free Trade Area and the European Union, for instance, has facilitated the smooth flow of many things among countries. This has allowed terrorist organizations as diverse as Hezbollah, al-Qaeda, and the Egyptian al-Gamaat al-Islamiyya to move about freely and establish cells around the world. Movements across borders can obviously en-able terrorists to carry out attacks and potentially border capture, but it also complicates prosecution if they are apprehended, with a complex maze of extradition laws varying greatly from state to state. The increased permeability of the international system has also enhanced the ability of nonstate terrorist organizations to collect intelligence. States are not the only actors interested in collecting, disseminating, and/or acting on such information. In a sense, then, terrorism is in many ways becoming like any other international enterprise.Terrorist organizations are broadening their reach i n gathering financial resources to fund their operations.. The list of groups with global finance networks is long and includes most of the groups identified by the U.S. government as foreign terrorist organizations. Sources of financing include legal enterprises such as nonprofit organizations and legitimate companies that distinguish profits to illegal activities and illegal enterprises such as drug smuggle and production. Websites are also important vehicles for raising funds. Although no comprehensive entropy are publicly available on how lucrative this avenue is, the proliferation of terrorist websites with links or addresses for

Types of Security Threats and Protection Against Them

Types of gage terrors and Protection Against Them institutionWhile lift paths on computers by alfresco intruders ar much publicized, set ons perpetrated by withinrs be very frequent and very much more damaging. Insiders re set out the sterling(prenominal) holy terror to computer credential be subject they at a lower bug outstand their governing body of ruless(prenominal) product line and how their computer establishments act upon. They cast forward both the confidentiality and rise to power to execute these pom-poms.An inside brush uper go forth hand oer a nobleer luck of successfully infracting into the system and extracting tiny randomness. The insiders in addition represent the superior gainsay to securing the comp whatsoever net profit because they atomic fig 18 legitimate a direct of entree to the file system and give a degree of trust.A system administrator angered by his diminished role in a thriving def prohibiting team manufacturi ng rigid whose computer meshing he al matchless had developed and managed, centralized the package that supported the companions manufacturing processes on a single coiffer, and because intimi checkd a coworker into great(p) him the only backup tapes for that softw atomic number 18 system.Following the system administrators decision for inappropriate and abusive treatment of his coworkers, a poundic bomb previously determineed by the insider detonated, deleting the only remain copy of the fine softw be from the comp anys server. The company estimated the embody of vilify in senseless of $10 million, which led to the layoff of some 80 employees.An application developer, who garbled his IT domain job as a end of company downsizing, expressed his vexation at creation primed(p) off just prior to the Christmas holidays by launching a systematic round off on his causation employers computer web. Three weeks pursuance his termination, the insider apply the i nfluenceername and tidings of one of his former(prenominal) coworkers to gain remote portal to the network and modify several of the companys web pages, changing text edition and inserting porno brilliant images.He likewise sent each of the companys nodes an e accouterments message advising that the web site had been hacked. each email message as well as contained that nodes usernames and passwords for the website. An investigation was initiated, unless it failed to set the insider as the culprit. A calendar month and a half later, he again remotely glide slope code codeed the network, executed a script to reset any network passwords and changed 4,000 pricing records to reflect imitation randomness. This former employee ultimately was set as the perpetrator and prosecuted. He was sentenced to serve fivesome months in prison house and two years on administrate probation, and ordered to pay $48,600 re secrete key to his former employer.A urban center musical arrangement employee who was passed over for promotion to finance director retaliated by deleting files from his and a coworkers computers the day earlier the clean finance director took office. An investigation place the disgruntled employee as the perpetrator of the incident. City government officials disagreed with the primary police force detective on the episode as to whether each of the invalidated files were recovered.No sad charges were filed, and, under an agreement with city officials, the employee was geted to resign.These incidents of countercheck were all committed by insiders individuals who were, or previously had been, clear to use the instruction systems they accompanimentually apply to perpetrate harm. Insiders outfox a substantial holy terror by up rightfulnessness of their surviveledge of, and access to, employer systems and/or entropybases. Keeney, M., et al (2005)The Nature of certification measures ThreatsThe superior threat to computer systems and nurture comes from humans, by actions that be either venomous or ignorant 3 . Attackers, try oning to do harm, exploit vulnerabilities in a system or shelter department constitution employing various methods and tools to pass on their aims. Attackers usually kick in a motive to disrupt normal calling operations or to deal tuition.The above diagram is depicts the types of protective covering threats that exist. The diagram depicts the all threats to the computer systems bargonly main emphasis will be on cattish insiders. The greatest threat of brush ups against computer systems are from insiders who sleep with the codes and earnest measures that are in place 45. With very specific objectives, an insider attack squirt guess all components of security. As employees with legitimate access to systems, they are familiar with an organizations computer systems and applications.They are likely to know what actions cause the nearly victimize and how to la bour away with it undetected. Considered members of the family, they are a great deal above suspicion and the withstand to be considered when systems malfunction or fail. dissatisfy employees puddle mischief and sabotage against systems. disposalal downsizing in both public and private sectors has created a group of individuals with strong knowledge and capabilities for cattish activities 6 and revenge. Contract professionals and external field of studys either brought into the U.S. on work visas to get hold of labor shortages or from inshore outsourcing projects are also let ind in this category of knowledgeable insiders. mutual Insider ThreatCommon chances of computer-related employee sabotage admit changing randomness deleting data destroying data or broadcasts with logical system bombs crashing systems guardianship data hostage destroying hardware or facilities entering data in chastisely, exposing afflictive and embarrassing proprietorship data to public view such(prenominal) as the salaries of top executives. Insiders fanny plant viruses, Trojan horses or worms, browse finished file systems or program poisonous code with little fortuity of sleuthing and with al well-nigh sum impunity.A 1998 FBI Survey 7 investigate computer crime shew that of the 520 companies consulted, 64% had cogitationed security breaches for a total quantifiable pecuniary disadvantage of $136 millions. (See chart)The vignette also set up that the largest number of breaches were by un inditeised insider access and concluded that these figures were very worldly-minded as most companies were unmindful(predicate) of malicious activities or reluctant to report breaches for fear of proscribe press. The survey reported that the average equal of an attack by an outsider (hacker) at $56,000, sequence the average insider attack cost a company free $2.7 million. It found that hidden costs associated with the besideston in staff hours, good liability, los s of proprietary teaching, decrease in productivity and the potential loss of credibility were impossible to quantify sinlessly.Employees who bring on ca apply damage pick out employ their knowledge and access to tuition resources for a range of motives, including greed, revenge for sensed grievances, ego gratification, re dissolving agent of personal or professional jobs, to protect or advance their careers, to challenge their skill, express anger, tincture separates, or some combination of these concerns.Insider CharacteristicsThe majority of the insiders were former employees.At the clock of the incident, 59% of the insiders were former employees or contr fakers of the touch on organizations and 41% were actual employees or contractors.The former employees or contractors odd their positions for a variety of reasons. These embarrass the insiders being fired (48%), resigning (38%), and being laid off (7%). some insiders were either previously or on-goingly utiliz e full-time in a expert position within the organization.Most of the insiders (77%) were full-time employees of the affected organizations, either before or during the incidents. Eight part of the insiders worked part-time, and an additional 8% had been utilized as contractors or consultants. Two (4%) of the insiders worked as jury-rigged employees, and one (2%) was hired as a subcontractor.Eighty-six pct of the insiders were industrious in skillful positions, which included system administrators (38%), programmers (21%), engineers (14%), and IT specialists (14%). Of the insiders non holding expert positions, 10% were employed in a professional position, which included, among others, insiders employed as editors, managers, and auditors. An additional two insiders (4%) worked in service positions, both of whom worked as customer service representatives.Insiders were demographically varied with work out to age, racial and ethnic background, gender, and marital status.The ins iders ranged in age from 17 to 60 years (mean age = 32 years)17 and represented a variety of racial and ethnic backgrounds.Ninety-six pct of the insiders were male.Forty-nine share of the insiders were married at the time of the incident, while 45% were single, having never married, and 4% were divorced. Just under one-third of the insiders had an arrest history. cardinal percent of the insiders had been arrested previously, including arrests for violent offenses (18%), alcohol or drug related offenses (11%), and non pecuniary/ finesse related theft offenses (11%).Organization CharacteristicsThe incidents affected organizations in the following critical pedestal sectors beaching and finance (8%) pertinacity of government (16%)Defense industrial base (2%)Food (4%)Information and telecommunications (63%)postal and shipping (2%)Public health (4%)In all, 82% of the affected organizations were in private pains, while 16% were government entities. Sixty-three percent of the organiza tions employed in domestic military action only, 2% assiduous in outside(a) occupation only, and 35% engaged in action mechanism both domestically and internationally.What motivate insiders?Internal attackers tackle to break into computer networks for many reasons. The quash has been fruitfully studied and inner attackers are used to be cause with the following reasons BSB03Challenge more internal attackers initially attempt to break into networks for the challenge. A challenge combines strategic and tactical thinking, patience, and mental strength. However, internal attackers actuate by the challenge of intermission into networks much do non practically think some their actions as criminal. For example, an internal attack tail end be the challenge to break into the mail server in order to get access to antithetical emails of any employee.RevengeInternal attackers cause by revenge generate a great deal ill feelings toward employees of the same company. These atta ckers can be particularly insidious, because they more often than non stress on a single target, and they generally reach patience. In the case of revenge, attackers can also be former employees that feel that they read been wrongfully fired. For example, a former employee may be motivated to launch an attack to the company in order to cause financial losings.EspionageInternal attackers motivated by espionage, discriminate confidential selective schooling for a third party. In general, two types of espionage existsIndustrial espionageIndustrial espionage kernel that a company may pay its own employees in order to break into the networks of its competitors or handicraft partners. The company may also hire someone else to do this. transnational espionageInternational espionage means that attackers work for governments and steal confidential information for other governments.Definitions of insider threat1) The definition of insider threat should plow two main threat actor categories and five general categories of activities. The freshman actor category, the true insider, is localized as any entity (person, system, or code) trustworthy by command and mold elements to access network, system, or data. The second actor category, the pseudo-insider, is someone who, by policy, is not authorized the accesses, roles, and/or permissions they currently fill but may have gotten them inadvertently or through malicious activities.The activities of both fall into five general categoriesExceeds given network, system or data permissionsConducts malicious activeness against or across the network, system or dataProvided unapproved access to the network, system or dataCircumvents security controls or exploits security weaknesses to exceed authorized permitted activity or disguise oppositeiate orNon-maliciously or incidentally damages resources (network, system or data) by destruction, corruption, denial of access, or disclosure.(Presented at the University o f Louisville Cyber Securitys Day, October 2006)2) Insiders employees, contractors, consultants, and vendors pose as great a threat to an organizations security posture as outsiders, including hackers. hardly a(prenominal) organizations have implemented the policies, procedures, tools, or strategies to efficaciously address their insider threats. An insider threat legal opinion is a recommended first maltreat for many organizations, followed by policy review, and employee sentience prep.(Insider Threat ManagementPresented by infoLock Technologies)3) Employees are an organizations most important asset. Unfortunately, they also present the greatest security endangerments. Working and communication remotely, storing exquisite data on portable devices such as laptops, PDAs, cockle drives, and even iPods employees have lengthy the security perimeter beyond unattackable limits. While convenient access to data is postulate for operational efficiency, the actions of trusted insiders not just employees, but consultants, contactors, vendors, and partners essential be actively managed, audited, and monitored in order to protect medium data.(Presented by infoLock Technologies)4) The diversity of cyber threat has giving over time from network- direct attacks and password cracking to include refreshinger classes such as insider attacks, email worms and social engineering, which are currently recognized as expert security problems. However, attack mold and threat analysis tools have not evolved at the same rate. know formal models such as attack graphs perform action-centric vulnerability theoretical account and analysis. All possible atomic user actions are represented as states, and sequences which lead to the violation of a neology safety topographic point are extracted to indicate possible exploits.(Ramkumar Chinchani, Anusha Iyer, Hung Ngo, Shambhu Upadhyaya)5) The Insider Threat Study, preserveed by the U.S. Secret Service and Carnegie Mellon Universitys Software Engineering Institute CERT Program, canvas insider cyber crimes across U.S. critical foot sectors. The study indicates that counsel decisions related to organisational and employee performance sometimes feed unintended consequences magnifying insecurity of insider attack. Lack of tools for judgement insider threat, analyzing run a venture mitigation alternatives, and communicating results exacerbates the problem.(Dawn M. Cappelli, Akash G. Desai)6) The insider threat or insider problem is cited as the most serious security problem in many studies. It is also considered the most uncorrectable problem to deal with, because an insider has information and capabilities not cognize to other, external attackers. But the studies seldom define what the insider threat is, or define it nebulously. The difficulty in intervention the insider threat is reasonable under those band if one cannot define a problem precisely, how can one approach a solution, let una ccompanied know when the problem is solved?(Matt Bishop 2005) quintuple common insider threatExploiting information via remote access computer softwareA considerable amount of insider squall is performed offsite via remote access software such as Terminal Services, Citrix and GoToMyPC. just now put, users are less likely to be caught stealing sensitive information when they can it do offsite. Also, inadequately protect remote computers may turn up in the hands of a third-party if the computer is left unattended, disoriented or stolen.2.) Sending out information via e-mail and instant messageSensitive information can only be included in or attached to an e-mail or IM. Although this is a serious threat, its also one of the easiest to eliminate.3.) Sharing sensitive files on P2P networksWhether or not you allow peer-to-peer file sharing software such as Kazaa or IM on your network, odds are its thither and time lag to be abused. The inanimate software in and of itself is not th e problem its how its used that causes trouble. All it takes is a elemental misconfiguration to serve up your networks local and network drives to the world.4.) Careless use of piano tuner networksPerhaps the most unintentional insider threat is that of insecure wireless network usage. Whether its at a coffee shop, airport or hotel, unsecured airwaves can slowly put sensitive information in jeopardy. All it takes is a peek into e-mail communications or file transfers for valuable data to be stolen. Wi-Fi networks are most hypersensitized to these attacks, but male parentt overlook Bluetooth on smartphones and PDAs. Also, if you have WLANs inside your organization, employees could use it to exploit the network after hours.5.) visor information to discussion boards and blogsQuite often users post support requests, blogs or other work-related messages on the Internet. Whether intentional or not, this can include sensitive information and file attachments that put your organizat ion at risk.Views of varied authors about insider threat1) Although insiders in this report tended to be former technical employees, thither is no demographic profile of a malicious insider. Ages of perpetrators ranged from late teens to retirement. two men and women were malicious insiders. Their positions included programmers, graphic artists, system and network administrators, managers, and executives. They were currently employed and recently terminated employees, contractors, and temporary employees. As such, security cognisance training pauperisms to encourage employees to come upon malicious insiders by port, not by stereotypical characteristics. For example, behaviors that should be a source of concern include making threats against the organization, bragging about the damage one could do to the organization, or discussing plans to work against the organization. Also of concern are attempts to gain other employees passwords and to fraudulently obtain access through mi schief or exploitation of a trusted relationship.Insiders can be stopped, but stopping them is a mingled problem. Insider attacks can only be prevented through a layered defense strategy consisting of policies, procedures, and technical controls. Therefore, management must(prenominal) pay close assistance to many aspects of its organization, including its personal line of credit policies and procedures, organizational culture, and technical environment. Organizations must look beyond information engineering to the organizations overall business processes and the interplay amid those processes and the technologies used.(Michelle Keeney, J.D., Ph.D. atal 2005)2) While attacks on computers by outside intruders are more publicized, attacks perpetrated by insiders are very common and often more damaging. Insiders represent the greatest threat to computer security because they read their organizations business and how their computer systems work. They have both the confidentiality a nd access to perform these attacks. An inside attacker will have a higher probability of successfully breaking into the system and extracting critical information. The insiders also represent the greatest challenge to securing the company network because they are authorized a level of access to the file system and minded(p) a degree of trust.(Nam Nguyen and Peter Reiher, Geoffrey H. Kuenning)3) geographically distributed information systems achieve high availability that is crucial to their usefulness by replicating their state. Providing instant access at time of need regardless of current network connectivity requires the state to be replicated in every geographical site so that it is locally available. As network environments become increasingly hostile, we have to assume that part of the distributed information system will be compromised at some point. The problem of maintaining a replicated state in such a system is magnified when insider (or Byzantine) attacks are taken into account.(Yair Amir Cristina Nita-Rotaru)4) In 2006, over 60% of information security breaches were attributable to insider behavior, yet more than 80% of corporate IT security budgets were exhausted on securing perimeter defenses against outside attack. defend against insider threats means managing policy, process, engineering science, and most importantly, people. defend against insider threats means managing policy, process, technology, and most importantly, people.The Insider Threat discernment security awareness training, infrastructure reconfiguration, or third party solutions, you can take comfort in knowing that you have made the right choice to improve your security posture, and you will achieve your expected lead on Security Investment.(Presented by infoLock Technologies)5) The threat of attack from insiders is real and substantial. The 2004 ECrime fancy Survey TM conducted by the United States Secret Service, CERT Coordination Center (CERT/CC), and CSO Magazine, 1 found that in cases where respondents could identify the perpetrator of an electronic crime, 29 percent were committed by insiders. The refer from insider attacks can be devastating. One knotty case of financial fraud committed by an insider in a financial institution resulted in losses of over $600 million. 2 another(prenominal) case involving a logic bomb written by a technical employee working for a defense contractor resulted in $10 million in losses and the layoff of 80 employees.(Dawn Cappelli, Andrew Moore, Timothy Shimeall,2005)6) Insiders, by right of legitimate access to their organizations information, systems, and networks, pose a significant risk to employers. Employees experiencing financial problems have found it balmy to use the systems they use at work everyday to commit fraud. former(a) employees, motivated by financial problems, greed, or the wish to impress a sweet employer, have stolen confidential data, proprietary information, or intellectual property fro m their employer. Lastly, technical employees, possibly the most dangerous because of their intimate knowledge of an organizations vulnerabilities, have used their technical ability to sabotage their employers system or network in revenge for some negative work-related event.(Dawn M. Cappelli, Akash G. Desai ,at al 2004)7) The insider problem is considered the most difficult and critical problem in computer security. But studies that survey the earnestness of the problem, and research that analyzes the problem, rarely define the problem precisely. Implicit definitionsvary in meaning. Different definitions imply different countermeasures, as well as different assumptions.(Matt Bishop 2005)Solution User superviseInsiders have two things that external attackers dont privileged access and trust. This allows them to bypass preventative measures, access mission-critical assets, and conduct malicious acts all while flying under the radar unless a strong incident sleuthing solution is in place.A number of variables motivate insiders, but the end result is that they can more easily perpetrate their crimes than an outsider who has contain access. Insiders can directly damage your business resulting in lost revenue, lost customers, reduced shareholder faith, a tarnished spirit, regulatory fines and legal fees. With such an grand threat, organizations need an automated solution to serve well detect and analyze vixenish Insider ActivityThese are some points which could be helpful in supervise and minimizing the insider threatsDetecting insider activity starts with an expanded logand event collection.Firewalls, routers and intrusion detection systems are important, but they are not enough.Organizations need to look deeper to include mission critical applications such as email applications, databases, operating systems, mainframes, access control solutions, physical security systems as well as individuation and content management products.Correlation identifying cog nise types of fishy and malicious behaviorAnomaly detection recognizing deviations from norms and baselines.Pattern stripping uncovering seemingly orthogonal events that show a pattern of laughable activityFrom case management, event annotation and escalation to reporting, auditing and access to insider-relevant information, the technical solution must be in line with the organizations procedures. This will ensure that insiders are intercommunicate consistently, efficiently and effectively regardless of who they are. bring up suspicious user activity patterns and identify anomalies.Visually track and create business-level reports on users activity.Automatically escalate the threat levels of suspicious and malicious individuals.Respond accord to your specific and unique corporate administration guidelines.Early detection of insider activity based on early word of advice indicators of suspicious behavior, such asStale or terminated accounts extravagant file make, unusual printi ng times andkeywords printedTraffic to suspicious destinations illegitimate peripheral device accessBypassing security controlsAttempts to alter or delete system logsInstallation of malicious softwareThe Insider Threat Study?The world-wide acceptance, business adoption and developing of the Internet, and of Internetworking technologies in general, in response to customer requests for online access to business information systems, has ushered in an extraordinary expansion of electronic business transactions. In travel from internal (closed) business systems to circulate systems, the risk of malicious attacks and fraudulent activity has increased enormously, thereby requiring high levels of information security. Prior to the requirement for online, circularise access, the information security budget of a typical company was less then their tea and coffee expenses.Securing net income has become a national priority. In The National Strategy to pander Cyberspace, the Presidents t iny Infrastructure Protection Board identify several critical infrastructure sectors10banking and financeinformation and telecommunicationstransportationpostal and shippingemergency gocontinuity of governmentpublic healthUniversitieschemical labor, textile industry and hazardous materialsagriculturedefense industrial baseThe cases examined in the Insider Threat Study are incidents perpetrated by insiders (current or former employees or contractors) who advisedly exceeded or misused an authorized level of network, system, or data access in a manner that affected the security of the organizations data, systems, or unremarkable business operations.Incidents included any compromise, employment of, unlicenced access to, transcend authorized access to, tampering with, or disabling of any information system, network, or data. The cases examined also included any in which there was an unauthorized or illegal attempt to view, disclose, retrieve, delete, change, or add information.A w hole secure, zero risk system is one which has zero functionality. Latest technology high-performance automated systems bring with them new risks in the shape of new attacks, new viruses and new software bugs, and so forth IT Security, therefore, is an ongoing process. Proper risk management keeps the IT Security plans, policies and procedures up to date as per new requirements and changes in the computing environment. To implement controls to counter risks requires policies, and policy can only be implemented successfully if the top management is committed. And policys effective implementation is not possible without the training and awareness of staff.The State Bank of Pakistan recognizes that financial industry is built well-nigh the sanctity of the financial transactions. owe to the critical role of financial institutions for a country and the extreme sensitivity of their information assets, the seriousness of ITSecurity and the ever-increasing threats it faces in todays open wo rld cannot be overstated. As more and more of our Banking Operations and products go become technology driven and dependent, consequently our reliance on these technology assets increases, and so does the need to protect and shelter these resources to ensure smooth surgery of the financial industry.Here are different area in which we can work and check insider threat, but I chose textile industry as in textile industry there is less awareness of the insider threat. If an insider attack in an industry then industrialist try to cover up this intelligence activity as these types of news about an industry can damage the reputation of the industry.Chapter 2 Review of LiteratureS, Axelsson. ,(2000) unidentified 2001Continuity of operations and correct functioning of information systems is important to most businesses. Threats to computerised information and process are threats to business quality and effectiveness. The objective of IT security is to put measures in place which elimina te or reduce significant threats to an acceptable level.Security and risk management are tightly bring together with quality management. Security measures should be implemented based on risk analysis and in accord with Quality structures, processes and checklists.What needs to be protected, against whom and how?Security is the protection of information, systems and services against disasters, mistakes and purpose so that the likelihood and impact of security incidents is minimised. IT security is comprised ofConfidentiality Sensitive business objects (information processes) are disclosed only to appoint persons. == Controls are required to choke access to objects.Integrity The business need to control modification to objects (information and processes). == Controls are required to ensure objects are accurate and complete.Availability The need to have business objects (information and services) available when needed. == Controls are required to ensure reliability of services. l egal Compliance Information/data that is collected, processed, used, passed on or destroyed must be handled in line with current legislation of the relevant countries.A threat is a danger which could affect the security (confidentiality, integrity, availability) of assets, leading to a potential loss or damage.Stoneburner et al (2002)In this paper the author described a the risks which areTypes of Security Threats and Protection Against ThemTypes of Security Threats and Protection Against ThemIntroductionWhile attacks on computers by outside intruders are more publicized, attacks perpetrated by insiders are very common and often more damaging. Insiders represent the greatest threat to computer security because they understand their organizations business and how their computer systems work. They have both the confidentiality and access to perform these attacks.An inside attacker will have a higher probability of successfully breaking into the system and extracting critical informati on. The insiders also represent the greatest challenge to securing the company network because they are authorized a level of access to the file system and granted a degree of trust.A system administrator angered by his diminished role in a thriving defense manufacturing firm whose computer network he alone had developed and managed, centralized the software that supported the companys manufacturing processes on a single server, and then intimidated a coworker into giving him the only backup tapes for that software.Following the system administrators termination for inappropriate and abusive treatment of his coworkers, a logic bomb previously planted by the insider detonated, deleting the only remaining copy of the critical software from the companys server. The company estimated the cost of damage in excess of $10 million, which led to the layoff of some 80 employees.An application developer, who lost his IT sector job as a result of company downsizing, expressed his displeasure at being laid off just prior to the Christmas holidays by launching a systematic attack on his former employers computer network. Three weeks following his termination, the insider used the username and password of one of his former coworkers to gain remote access to the network and modify several of the companys web pages, changing text and inserting pornographic images.He also sent each of the companys customers an email message advising that the website had been hacked. Each email message also contained that customers usernames and passwords for the website. An investigation was initiated, but it failed to identify the insider as the perpetrator. A month and a half later, he again remotely accessed the network, executed a script to reset all network passwords and changed 4,000 pricing records to reflect bogus information. This former employee ultimately was identified as the perpetrator and prosecuted. He was sentenced to serve five months in prison and two years on supervised prob ation, and ordered to pay $48,600 restitution to his former employer.A city government employee who was passed over for promotion to finance director retaliated by deleting files from his and a coworkers computers the day before the new finance director took office. An investigation identified the disgruntled employee as the perpetrator of the incident. City government officials disagreed with the primary police detective on the case as to whether all of the deleted files were recovered.No criminal charges were filed, and, under an agreement with city officials, the employee was allowed to resign.These incidents of sabotage were all committed by insiders individuals who were, or previously had been, authorized to use the information systems they eventually employed to perpetrate harm. Insiders pose a substantial threat by virtue of their knowledge of, and access to, employer systems and/or databases. Keeney, M., et al (2005)The Nature of Security ThreatsThe greatest threat to comput er systems and information comes from humans, through actions that are either malicious or ignorant 3 . Attackers, trying to do harm, exploit vulnerabilities in a system or security policy employing various methods and tools to achieve their aims. Attackers usually have a motive to disrupt normal business operations or to steal information.The above diagram is depicts the types of security threats that exist. The diagram depicts the all threats to the computer systems but main emphasis will be on malicious insiders. The greatest threat of attacks against computer systems are from insiders who know the codes and security measures that are in place 45. With very specific objectives, an insider attack can affect all components of security. As employees with legitimate access to systems, they are familiar with an organizations computer systems and applications.They are likely to know what actions cause the most damage and how to get away with it undetected. Considered members of the fam ily, they are often above suspicion and the last to be considered when systems malfunction or fail. Disgruntled employees create mischief and sabotage against systems. Organizational downsizing in both public and private sectors has created a group of individuals with significant knowledge and capabilities for malicious activities 6 and revenge. Contract professionals and foreign nationals either brought into the U.S. on work visas to meet labor shortages or from offshore outsourcing projects are also included in this category of knowledgeable insiders.Common Insider ThreatCommon cases of computer-related employee sabotage include changing data deleting data destroying data or programs with logic bombs crashing systems holding data hostage destroying hardware or facilities entering data incorrectly, exposing sensitive and embarrassing proprietary data to public view such as the salaries of top executives. Insiders can plant viruses, Trojan horses or worms, browse through file system s or program malicious code with little chance of detection and with almost total impunity.A 1998 FBI Survey 7 investigating computer crime found that of the 520 companies consulted, 64% had reported security breaches for a total quantifiable financial loss of $136 millions. (See chart)The survey also found that the largest number of breaches were by unauthorized insider access and concluded that these figures were very conservative as most companies were unaware of malicious activities or reluctant to report breaches for fear of negative press. The survey reported that the average cost of an attack by an outsider (hacker) at $56,000, while the average insider attack cost a company excess $2.7 million. It found that hidden costs associated with the loss in staff hours, legal liability, loss of proprietary information, decrease in productivity and the potential loss of credibility were impossible to quantify accurately.Employees who have caused damage have used their knowledge and ac cess to information resources for a range of motives, including greed, revenge for perceived grievances, ego gratification, resolution of personal or professional problems, to protect or advance their careers, to challenge their skill, express anger, impress others, or some combination of these concerns.Insider CharacteristicsThe majority of the insiders were former employees.At the time of the incident, 59% of the insiders were former employees or contractors of the affected organizations and 41% were current employees or contractors.The former employees or contractors left their positions for a variety of reasons. These included the insiders being fired (48%), resigning (38%), and being laid off (7%). Most insiders were either previously or currently employed full-time in a technical position within the organization.Most of the insiders (77%) were full-time employees of the affected organizations, either before or during the incidents. Eight percent of the insiders worked part-tim e, and an additional 8% had been hired as contractors or consultants. Two (4%) of the insiders worked as temporary employees, and one (2%) was hired as a subcontractor.Eighty-six percent of the insiders were employed in technical positions, which included system administrators (38%), programmers (21%), engineers (14%), and IT specialists (14%). Of the insiders not holding technical positions, 10% were employed in a professional position, which included, among others, insiders employed as editors, managers, and auditors. An additional two insiders (4%) worked in service positions, both of whom worked as customer service representatives.Insiders were demographically varied with regard to age, racial and ethnic background, gender, and marital status.The insiders ranged in age from 17 to 60 years (mean age = 32 years)17 and represented a variety of racial and ethnic backgrounds.Ninety-six percent of the insiders were male.Forty-nine percent of the insiders were married at the time of th e incident, while 45% were single, having never married, and 4% were divorced. Just under one-third of the insiders had an arrest history.Thirty percent of the insiders had been arrested previously, including arrests for violent offenses (18%), alcohol or drug related offenses (11%), and nonfinancial/ fraud related theft offenses (11%).Organization CharacteristicsThe incidents affected organizations in the following critical infrastructure sectorsBanking and finance (8%)Continuity of government (16%)Defense industrial base (2%)Food (4%)Information and telecommunications (63%)Postal and shipping (2%)Public health (4%)In all, 82% of the affected organizations were in private industry, while 16% were government entities. Sixty-three percent of the organizations engaged in domestic activity only, 2% engaged in international activity only, and 35% engaged in activity both domestically and internationally.What motivate insiders?Internal attackers attempt to break into computer networks fo r many reasons. The subject has been fruitfully studied and internal attackers are used to be motivated with the following reasons BSB03ChallengeMany internal attackers initially attempt to break into networks for the challenge. A challenge combines strategic and tactical thinking, patience, and mental strength. However, internal attackers motivated by the challenge of breaking into networks often do not often think about their actions as criminal. For example, an internal attack can be the challenge to break into the mail server in order to get access to different emails of any employee.RevengeInternal attackers motivated by revenge have often ill feelings toward employees of the same company. These attackers can be particularly dangerous, because they generally focus on a single target, and they generally have patience. In the case of revenge, attackers can also be former employees that feel that they have been wrongfully fired. For example, a former employee may be motivated to l aunch an attack to the company in order to cause financial losses.EspionageInternal attackers motivated by espionage, steal confidential information for a third party. In general, two types of espionage existsIndustrial espionageIndustrial espionage means that a company may pay its own employees in order to break into the networks of its competitors or business partners. The company may also hire someone else to do this.International espionageInternational espionage means that attackers work for governments and steal confidential information for other governments.Definitions of insider threat1) The definition of insider threat should encompass two main threat actor categories and five general categories of activities. The first actor category, the true insider, is outlined as any entity (person, system, or code) authorized by command and control elements to access network, system, or data. The second actor category, the pseudo-insider, is someone who, by policy, is not authorized th e accesses, roles, and/or permissions they currently have but may have gotten them inadvertently or through malicious activities.The activities of both fall into five general categoriesExceeds given network, system or data permissionsConducts malicious activity against or across the network, system or dataProvided unapproved access to the network, system or dataCircumvents security controls or exploits security weaknesses to exceed authorized permitted activity or disguise identify orNon-maliciously or unintentionally damages resources (network, system or data) by destruction, corruption, denial of access, or disclosure.(Presented at the University of Louisville Cyber Securitys Day, October 2006)2) Insiders employees, contractors, consultants, and vendors pose as great a threat to an organizations security posture as outsiders, including hackers. Few organizations have implemented the policies, procedures, tools, or strategies to effectively address their insider threats. An insid er threat assessment is a recommended first step for many organizations, followed by policy review, and employee awareness training.(Insider Threat ManagementPresented by infoLock Technologies)3) Employees are an organizations most important asset. Unfortunately, they also present the greatest security risks. Working and communicating remotely, storing sensitive data on portable devices such as laptops, PDAs, thumb drives, and even iPods employees have extended the security perimeter beyond safe limits. While convenient access to data is required for operational efficiency, the actions of trusted insiders not just employees, but consultants, contactors, vendors, and partners must be actively managed, audited, and monitored in order to protect sensitive data.(Presented by infoLock Technologies)4) The diversity of cyber threat has grown over time from network-level attacks and password cracking to include newer classes such as insider attacks, email worms and social engineering, wh ich are currently recognized as serious security problems. However, attack modeling and threat analysis tools have not evolved at the same rate. Known formal models such as attack graphs perform action-centric vulnerability modeling and analysis. All possible atomic user actions are represented as states, and sequences which lead to the violation of a specie safety property are extracted to indicate possible exploits.(Ramkumar Chinchani, Anusha Iyer, Hung Ngo, Shambhu Upadhyaya)5) The Insider Threat Study, conducted by the U.S. Secret Service and Carnegie Mellon Universitys Software Engineering Institute CERT Program, analyzed insider cyber crimes across U.S. critical infrastructure sectors. The study indicates that management decisions related to organizational and employee performance sometimes yield unintended consequences magnifying risk of insider attack. Lack of tools for understanding insider threat, analyzing risk mitigation alternatives, and communicating results exacerbate s the problem.(Dawn M. Cappelli, Akash G. Desai)6) The insider threat or insider problem is cited as the most serious security problem in many studies. It is also considered the most difficult problem to deal with, because an insider has information and capabilities not known to other, external attackers. But the studies rarely define what the insider threat is, or define it nebulously. The difficulty in handling the insider threat is reasonable under those circumstances if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved?(Matt Bishop 2005)Five common insider threatExploiting information via remote access softwareA considerable amount of insider abuse is performed offsite via remote access software such as Terminal Services, Citrix and GoToMyPC. Simply put, users are less likely to be caught stealing sensitive information when they can it do offsite. Also, inadequately protected remote computers may turn up in the hand s of a third-party if the computer is left unattended, lost or stolen.2.) Sending out information via e-mail and instant messagingSensitive information can simply be included in or attached to an e-mail or IM. Although this is a serious threat, its also one of the easiest to eliminate.3.) Sharing sensitive files on P2P networksWhether or not you allow peer-to-peer file sharing software such as Kazaa or IM on your network, odds are its there and waiting to be abused. The inanimate software in and of itself is not the problem its how its used that causes trouble. All it takes is a simple misconfiguration to serve up your networks local and network drives to the world.4.) Careless use of wireless networksPerhaps the most unintentional insider threat is that of insecure wireless network usage. Whether its at a coffee shop, airport or hotel, unsecured airwaves can easily put sensitive information in jeopardy. All it takes is a peek into e-mail communications or file transfers for valuab le data to be stolen. Wi-Fi networks are most susceptible to these attacks, but dont overlook Bluetooth on smartphones and PDAs. Also, if you have WLANs inside your organization, employees could use it to exploit the network after hours.5.) Posting information to discussion boards and blogsQuite often users post support requests, blogs or other work-related messages on the Internet. Whether intentional or not, this can include sensitive information and file attachments that put your organization at risk.Views of different authors about insider threat1) Although insiders in this report tended to be former technical employees, there is no demographic profile of a malicious insider. Ages of perpetrators ranged from late teens to retirement. Both men and women were malicious insiders. Their positions included programmers, graphic artists, system and network administrators, managers, and executives. They were currently employed and recently terminated employees, contractors, and temporar y employees. As such, security awareness training needs to encourage employees to identify malicious insiders by behavior, not by stereotypical characteristics. For example, behaviors that should be a source of concern include making threats against the organization, bragging about the damage one could do to the organization, or discussing plans to work against the organization. Also of concern are attempts to gain other employees passwords and to fraudulently obtain access through trickery or exploitation of a trusted relationship.Insiders can be stopped, but stopping them is a complex problem. Insider attacks can only be prevented through a layered defense strategy consisting of policies, procedures, and technical controls. Therefore, management must pay close attention to many aspects of its organization, including its business policies and procedures, organizational culture, and technical environment. Organizations must look beyond information technology to the organizations ove rall business processes and the interplay between those processes and the technologies used.(Michelle Keeney, J.D., Ph.D. atal 2005)2) While attacks on computers by outside intruders are more publicized, attacks perpetrated by insiders are very common and often more damaging. Insiders represent the greatest threat to computer security because they understand their organizations business and how their computer systems work. They have both the confidentiality and access to perform these attacks. An inside attacker will have a higher probability of successfully breaking into the system and extracting critical information. The insiders also represent the greatest challenge to securing the company network because they are authorized a level of access to the file system and granted a degree of trust.(Nam Nguyen and Peter Reiher, Geoffrey H. Kuenning)3) Geographically distributed information systems achieve high availability that is crucial to their usefulness by replicating their state. P roviding instant access at time of need regardless of current network connectivity requires the state to be replicated in every geographical site so that it is locally available. As network environments become increasingly hostile, we have to assume that part of the distributed information system will be compromised at some point. The problem of maintaining a replicated state in such a system is magnified when insider (or Byzantine) attacks are taken into account.(Yair Amir Cristina Nita-Rotaru)4) In 2006, over 60% of information security breaches were attributable to insider behavior, yet more than 80% of corporate IT security budgets were spent on securing perimeter defenses against outside attack. Protecting against insider threats means managing policy, process, technology, and most importantly, people. Protecting against insider threats means managing policy, process, technology, and most importantly, people.The Insider Threat Assessment security awareness training, infrastruct ure reconfiguration, or third party solutions, you can take comfort in knowing that you have made the right choice to improve your security posture, and you will achieve your expected Return on Security Investment.(Presented by infoLock Technologies)5) The threat of attack from insiders is real and substantial. The 2004 ECrimeWatch Survey TM conducted by the United States Secret Service, CERT Coordination Center (CERT/CC), and CSO Magazine, 1 found that in cases where respondents could identify the perpetrator of an electronic crime, 29 percent were committed by insiders. The impact from insider attacks can be devastating. One complex case of financial fraud committed by an insider in a financial institution resulted in losses of over $600 million. 2 Another case involving a logic bomb written by a technical employee working for a defense contractor resulted in $10 million in losses and the layoff of 80 employees.(Dawn Cappelli, Andrew Moore, Timothy Shimeall,2005)6) Insiders, by v irtue of legitimate access to their organizations information, systems, and networks, pose a significant risk to employers. Employees experiencing financial problems have found it easy to use the systems they use at work everyday to commit fraud. Other employees, motivated by financial problems, greed, or the wish to impress a new employer, have stolen confidential data, proprietary information, or intellectual property from their employer. Lastly, technical employees, possibly the most dangerous because of their intimate knowledge of an organizations vulnerabilities, have used their technical ability to sabotage their employers system or network in revenge for some negative work-related event.(Dawn M. Cappelli, Akash G. Desai ,at al 2004)7) The insider problem is considered the most difficult and critical problem in computer security. But studies that survey the seriousness of the problem, and research that analyzes the problem, rarely define the problem precisely. Implicit definit ionsvary in meaning. Different definitions imply different countermeasures, as well as different assumptions.(Matt Bishop 2005)Solution User monitoringInsiders have two things that external attackers dont privileged access and trust. This allows them to bypass preventative measures, access mission-critical assets, and conduct malicious acts all while flying under the radar unless a strong incident detection solution is in place.A number of variables motivate insiders, but the end result is that they can more easily perpetrate their crimes than an outsider who has limited access. Insiders can directly damage your business resulting in lost revenue, lost customers, reduced shareholder faith, a tarnished reputation, regulatory fines and legal fees. With such an expansive threat, organizations need an automated solution to help detect and analyzeMalicious Insider ActivityThese are some points which could be helpful in monitoring and minimizing the insider threatsDetecting insider activi ty starts with an expanded logand event collection.Firewalls, routers and intrusion detection systems are important, but they are not enough.Organizations need to look deeper to include mission critical applications such as email applications, databases, operating systems, mainframes, access control solutions, physical security systems as well as identity and content management products.Correlation identifying known types of suspicious and malicious behaviorAnomaly detection recognizing deviations from norms and baselines.Pattern discovery uncovering seemingly unrelated events that show a pattern of suspicious activityFrom case management, event annotation and escalation to reporting, auditing and access to insider-relevant information, the technical solution must be in line with the organizations procedures. This will ensure that insiders are addressed consistently, efficiently and effectively regardless of who they are.Identify suspicious user activity patterns and identify anomal ies.Visually track and create business-level reports on users activity.Automatically escalate the threat levels of suspicious and malicious individuals.Respond according to your specific and unique corporate governing guidelines.Early detection of insider activity based on early warning indicators of suspicious behavior, such asStale or terminated accountsExcessive file printing, unusual printing times andkeywords printedTraffic to suspicious destinationsUnauthorized peripheral device accessBypassing security controlsAttempts to alter or delete system logsInstallation of malicious softwareThe Insider Threat Study?The global acceptance, business adoption and growth of the Internet, and of Internetworking technologies in general, in response to customer requests for online access to business information systems, has ushered in an extraordinary expansion of electronic business transactions. In moving from internal (closed) business systems to open systems, the risk of malicious attacks and fraudulent activity has increased enormously, thereby requiring high levels of information security. Prior to the requirement for online, open access, the information security budget of a typical company was less then their tea and coffee expenses.Securing cyberspace has become a national priority. In The National Strategy to Secure Cyberspace, the Presidents Critical Infrastructure Protection Board identified several critical infrastructure sectors10banking and financeinformation and telecommunicationstransportationpostal and shippingemergency servicescontinuity of governmentpublic healthUniversitieschemical industry, textile industry and hazardous materialsagriculturedefense industrial baseThe cases examined in the Insider Threat Study are incidents perpetrated by insiders (current or former employees or contractors) who intentionally exceeded or misused an authorized level of network, system, or data access in a manner that affected the security of the organizations data, sy stems, or daily business operations.Incidents included any compromise, manipulation of, unauthorized access to, exceeding authorized access to, tampering with, or disabling of any information system, network, or data. The cases examined also included any in which there was an unauthorized or illegal attempt to view, disclose, retrieve, delete, change, or add information.A completely secure, zero risk system is one which has zero functionality. Latest technology high-performance automated systems bring with them new risks in the shape of new attacks, new viruses and new software bugs, etc. IT Security, therefore, is an ongoing process. Proper risk management keeps the IT Security plans, policies and procedures up to date as per new requirements and changes in the computing environment. To implement controls to counter risks requires policies, and policy can only be implemented successfully if the top management is committed. And policys effective implementation is not possible withou t the training and awareness of staff.The State Bank of Pakistan recognizes that financial industry is built around the sanctity of the financial transactions. Owing to the critical role of financial institutions for a country and the extreme sensitivity of their information assets, the seriousness of ITSecurity and the ever-increasing threats it faces in todays open world cannot be overstated. As more and more of our Banking Operations and products services become technology driven and dependent, consequently our reliance on these technology assets increases, and so does the need to protect and safeguard these resources to ensure smooth functioning of the financial industry.Here are different area in which we can work and check insider threat, but I chose textile industry as in textile industry there is less awareness of the insider threat. If an insider attack in an industry then industrialist try to cover up this news as these types of news about an industry can damage the reput ation of the industry.Chapter 2 Review of LiteratureS, Axelsson. ,(2000)Anonymous 2001Continuity of operations and correct functioning of information systems is important to most businesses. Threats to computerised information and process are threats to business quality and effectiveness. The objective of IT security is to put measures in place which eliminate or reduce significant threats to an acceptable level.Security and risk management are tightly coupled with quality management. Security measures should be implemented based on risk analysis and in harmony with Quality structures, processes and checklists.What needs to be protected, against whom and how?Security is the protection of information, systems and services against disasters, mistakes and manipulation so that the likelihood and impact of security incidents is minimised. IT security is comprised ofConfidentiality Sensitive business objects (information processes) are disclosed only to authorised persons. == Controls ar e required to restrict access to objects.Integrity The business need to control modification to objects (information and processes). == Controls are required to ensure objects are accurate and complete.Availability The need to have business objects (information and services) available when needed. == Controls are required to ensure reliability of services.Legal Compliance Information/data that is collected, processed, used, passed on or destroyed must be handled in line with current legislation of the relevant countries.A threat is a danger which could affect the security (confidentiality, integrity, availability) of assets, leading to a potential loss or damage.Stoneburner et al (2002)In this paper the author described a the risks which are