The threat posed by insiders deliberately or inadvertently misusing their knowledge and access to sensitive information is a major security challenge. Finding effective, acceptable and affordable ways to manage the insider threat is non-trivial, involving the use of controls that range from technical to procedural. To make matters worse, insider activities range from inadvertent or accidental disclosure, through deliberate damage caused by disgruntled employees, to the pre-positioned mole who may undermine the organisation's viability or purpose. The same controls will have different levels of effectiveness for each of these insider types. Based on these factors, attempting to find a single, optimised, universal solution to insider threats is illogical. However, the literature still contains statements such as 'deterrence is the best approach for insiders'. There are dangers for security managers in drawing broad conclusions across the insider threat spectrum based on statements like these. Insider incidents typically follow a distribution in which many incidents of small consequence coexist with a small number of incidents of very large consequence. This suggests that risk management techniques are a relevant, and arguably the most appropriate, framework for insider management. We have developed and applied a risk-based framework to model the spectrum of insider threat types, to enable the decision maker to determine the relative security effectiveness of alternative solutions. It allows decision makers to prioritise security investment to achieve the greatest benefit-cost using residual risk as the performance metric. Our framework provides a traceable and accountable method for organisations to balance their investments in controls, according to the complex spectrum of insider activity they are dealing with. They may also extend the approach, using robust analysis, to manage their uncertainties.
Our framework supports security managers in customising security for their organisation based on its unique requirements.
Threats to information security from inside an organisation are difficult to manage because insiders, by definition, have legitimate access to the organisation's information, consistent with their roles. Impacts of insider threats range from minor information compromise, perhaps through carelessness, to catastrophic financial and reputational damage. Security managers are required to continually upgrade security measures to reduce the risk posed by insider threats; however, with so many security controls to choose from, finding optimal security solutions based on benefit-cost is challenging. We have developed a risk-based framework called Security-in-Depth (SiD), in which residual risk is the metric that helps the security manager make informed decisions on which security packages contribute more to the organisation's security objectives. We present a case study to illustrate the way our framework is applied, customised to manage a range of insider threats. Uncertainties about the future threat spectrum and the future effectiveness of controls are included in the framework to inform the decision-making process.