A Risk Management Approach to the "Insider Threat"
نویسندگان
چکیده
Recent surveys indicate that the financial impact and operating losses due to insider intrusions are increasing. But these studies often disagree on what constitutes an “insider;” indeed, many define it only implicitly. In theory, appropriate selection of, and enforcement of, properly specified security policies should prevent legitimate users from abusing their access to computer systems, information, and other resources. However, even if policies could be expressed precisely, the natural mapping between the natural language expression of a security policy, and the expression of that policy in a form that can be implemented on a computer system or network, creates gaps in enforcement. This paper defines “insider” precisely, in terms of these gaps, and explores an access-based model for analyzing threats that include those usually termed “insider threats.” This model enables an organization Matt Bishop Matt Bishop, Dept. of Computer Science, University of California at Davis e-mail: bishop@cs.
منابع مشابه
Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System Sabotage
The Insider Threat Study, conducted by the U.S. Secret Service and Carnegie Mellon University’s Software Engineering Institute CERT Program, analyzed insider cyber crimes across U.S. critical infrastructure sectors. The study indicates that management decisions related to organizational and employee performance sometimes yield unintended consequences magnifying risk of insider attack. Lack of t...
متن کاملDealing with the Malicious Insider
This paper looks at a number of issues relating to the malicious insider and the nature of motivation, loyalty and the type of attacks that occur. The paper also examines the changing environmental, social, cultural and business issues that have resulted in an increased exposure to the insider threat. The paper then discusses a range of measures that can be taken to reduce both the likelihood o...
متن کاملThe insider threat to information systems and the effectiveness of ISO17799
Insider threat is widely recognised as an issue of utmost importance for IS security management. In this paper, we investigate the approach followed by ISO17799, the dominant standard in IS security management, in addressing this type of threat. We unfold the criminology theory that has designated the measures against insider misuse suggested by the standard, i.e. the General Deterrence Theory,...
متن کاملSupervised and Unsupervised methods to detect Insider Threat from Enterprise Social and Online Activity Data
Insider threat is a significant security risk for organizations, and detection of insider threat is of paramount concern to organizations. In this paper, we attempt to discover insider threat by analyzing enterprise social and online activity data of employees. To this end, we process and extract relevant features that are possibly indicative of insider threat behavior. This includes features e...
متن کامل