Insider Threats

@inproceedings{Fitzgerald2011InsiderT,
  title={Insider Threats},
  author={Todd Fitzgerald},
  booktitle={Encyclopedia of Information Assurance},
  year={2011}
}
  • T. Fitzgerald
  • Published in
    Encyclopedia of Information…
    2011
  • Computer Science
In this paper, we present the concept of “Ben-ware” as a beneficial software system capable of identifying anomalous human behaviour within a ‘closed’ organisation’s IT infrastructure. We note that this behaviour may be malicious (for example, an employee is seeking to act against the best interest of the organisation by stealing confidential information) or benign (for example, an employee is applying some workaround to complete their job). To help distinguish between users who are… 
Gargoyle: A Network-based Insider Attack Resilient Framework for Organizations
TLDR
Gargoyle is proposed, a network-based insider attack resilient framework against the most complex insider threats within a pervasive computing context that evaluates the trustworthiness of an access request context through a new set of contextual attributes called Network Context Attribute (NCA).
Study on Inside Threats Based on Analytic Hierarchy Process
TLDR
Realistic insider threats were examined through the definition, classification, and correlation/association analysis of various human–machine logs of acts associated with security breaches that occur in an organization and a quantitative process and decision-making tool were developed.
A Master Attack Methodology for an AI-Based Automated Attack Planner for Smart Cities
TLDR
Using artificial intelligence planning techniques, an automated tool can be developed to evaluate the cyber risks to critical infrastructure and be used to automatically identify the adversarial strategies (attack trees) that can compromise these systems.
Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses
TLDR
The utility of the cyber kill chain to understand insider threats, as well as the underpinning human behavior and psychological factors, are explored, in line with the current state of the art cyber security requirements.
Research on Behavior-Based Data Leakage Incidents for the Sustainable Growth of an Organization
TLDR
Data leakage behaviors by insiders are analyzed through an analysis of previous studies and the implementation of an in-depth interview method and the levels of risk are clarified to reduce false-positives and over detection and make preemptive security activities possible.
A Novel Approach for Detection Insider Attacker Using Body Language
TLDR
This paper proposes an approach to obtain an early indicator of an insider attacker before the crime is committed, by using three negative body language gestures which refer to feeling insecure, ready for an attack, doubt and a lack of self-confidence.
Hardware-Aided Privacy Protection and Cyber Defense for IoT
TLDR
This work focuses on discovering information leakage beyond people’s common sense from even seemingly benign signals, and explores how much private information the authors can extract by designing information extraction systems, and argues for stricter access control on newly coming sensors.
Reducing Data Loss and Saving Money by Acquiring Data Loss Prevention Software
TLDR
This thesis paper will explain why and how acquiring data loss prevention (DLP) software will help a company to reduce data loss, mitigate the loss impact and save money.
Factors Affecting Employee Intentions to Comply With Password Policies
TLDR
Examination of the relationship between employees’ attitudes towards password policies, information security awareness, password self-efficacy, and employee intentions to comply with password policies suggested that a reduction in security breaches may promote more public confidence in organizational information systems.
Insider Threat Detection Using Natural Language Processing and Personality Profiles
TLDR
Profiles were developed for the relevant insider threat types using the five-factor model of personality and were used in a proof-of-concept detection system that employs a third-party cloud service that uses natural language processing to analyze personality profiles based on personal content.

References

SHOWING 1-10 OF 16 REFERENCES
Decision Support Procedure in the Insider Threat Domain
TLDR
A 10-step analyst program is offered, which offers a common-sense approach to limiting the damage a malicious trusted user can achieve, and will be crucial to detecting technically savvy malicious users with legitimate network and data access.
Threats to Information Systems: Today's Reality, Yesterday's Understanding
TLDR
A study investigating MIS executives' concern about a variety of threats found computer viruses to be a particular concern, highlighting a gap between the use of modern technology and the understanding of the security implications inherent in its use.
Weak models for insider threat detection
  • Paul Thompson
  • Computer Science
    SPIE Defense + Commercial Sensing
  • 2004
TLDR
A content-based approach to detecting insider misuse by an analyst producing reports in an environment supported by a document control system is described; it makes use of Hidden Markov Models to represent stages in the EBIAPM.
Enemies within: Redefining the insider threat in organizational security policy
The critical importance of electronic information exchanges in the daily operation of most large modern organizations is causing them to broaden their security provision to include the custodians of
Modeling Human Behavior to Anticipate Insider Attacks
TLDR
A predictive modeling framework is described that integrates a diverse set of data sources from the cyber domain, as well as inferred psychological/motivational factors that may underlie malicious insider exploits to help focus the analyst's attention and inform the analysis.
An Insider Threat Prediction Model
TLDR
A novel, interdisciplinary insider threat prediction model is presented, which combines approaches, techniques, and tools from computer science and psychology, and identifies those that require additional monitoring, as they can potentially be dangerous for the information system and the organization.
Honeypots: catching the insider threat
  • L. Spitzner
  • Computer Science
    19th Annual Computer Security Applications Conference, 2003. Proceedings.
  • 2003
TLDR
Honeypot technologies can be used to detect, identify, and gather information on these specific threats, including the advanced insider, the trusted individual who knows the internal organization.
Proactive Insider Threat Detection through Graph Learning and Psychological Context
TLDR
This paper proposes an approach that combines Structural Anomaly Detection from social and information networks and Psychological Profiling (PP) of individuals to detect structural anomalies in large-scale information network data, while PP constructs dynamic psychological profiles from behavioral patterns.
An Ontological Approach to the Document Access Problem of Insider Threat
TLDR
The research and prototyping of a system that takes an ontological approach, and is primarily targeted for use by the intelligence community, is described, which utilizes the notion of semantic associations and their discovery among a collection of heterogeneous documents.