Developing an Ontology for Individual and Organizational Sociotechnical Indicators of Insider Threat Risk
نویسندگان
چکیده
Human behavioral factors are fundamental to understanding, detecting and mitigating insider threats, but to date insufficiently represented in a formal ontology. We report on the design and development of an ontology that emphasizes individual and organizational sociotechnical factors, and incorporates technical indicators from previous work. We compare our ontology with previous research and describe use cases to demonstrate how the ontology may be applied. Our work advances current efforts toward development of a comprehensive knowledge base to support advanced reasoning for insider threat mitigation. Keywords— insider threat; sociotechnical indicators ontology; domain knowledge representation; SME knowledge modeling; human behavioral modeling; domain knowledge sharing
منابع مشابه
An Ontology for Insider Threat Indicators: Development and Application
We describe our ongoing development of an insider threat indicator ontology. Our ontology is intended to serve as a standardized expression method for potential indicators of malicious insider activity, as well as a formalization of much of our team’s research on insider threat detection, prevention, and mitigation. This ontology bridges the gap between natural language descriptions of ...
متن کاملAn Ontology for Insider Threat Indicators--Development and Applications
We describe our ongoing development of an insider threat indicator ontology. Our ontology is intended to serve as a standardized expression method for potential indicators of malicious insider activity, as well as a formalization of much of our team’s research on insider threat detection, prevention, and mitigation. This ontology bridges the gap between natural language descriptions of maliciou...
متن کاملA Method For Characterizing Sociotechnical Events Related to Insider Threat Sabotage
Analyzing historical cases of insider crimes to identify patterns or specific indicators of attack is a challenging task, particularly when using large volumes of free-text input sources, such as court documents and media reports. In this workshop paper, we offer a new process for processing, or coding, free-text descriptions of insider crimes for future analysis; specifically, we study cases o...
متن کاملTechnical Report: Creating a Preliminary Cyber Ontology for Insider Threats in the Financial Sector
Insider attack has become a major threat in financial sector and is a very serious and pervasive security problem. Currently, there is no insider threat ontology in this domain and such an ontology is critical to developing countermeasures against insider attacks. In this paper, we create an ontology focusing on insider attacks in the banking domain targeting database systems. We define the tax...
متن کاملAddressing Insider Threats in modern ERP Environments: Business Intelligence in the Cloud
Insider threats pose a serious risk to businesses yet risks posed by outsiders continue to remain in the spotlight. A study of insider threats is perhaps more difficult as researchers must address the socio-technical nature of the organization which requires a focus on interactions between individuals as well as between individuals and the organization’s information systems. For the purpose of ...
متن کامل