Insider Threat Security Reference Architecture

Montelibano, Joji; Moore, Andrew P.

doi:10.1109/hicss.2012.327

Cited by 5 publications

(4 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One of the first authors to identify the need to combine these sources need is Schultz, who notes, "many different potential indicators of internal attacks exist," and suggests several indicators including technical and nontechnical components. Others have championed the same cause [14]- [16], but few have implemented successful realworld socio-technical monitoring systems, and this remains an open research challenge.…”

Section: A Socio-technical Approaches and Predictive Modelsmentioning

confidence: 98%

Insider Threats to Cloud Computing: Directions for New Research Challenges

Claycomb

Nicoll

2012

2012 IEEE 36th Annual Computer Software and Applications Conference

108

View full text Add to dashboard Cite

Cloud computing related insider threats are often listed as a serious concern by security researchers, but to date this threat has not been thoroughly explored. We believe the fundamental nature of current insider threats will remain relatively unchanged in a cloud environment, but the paradigm does reveal new exploit possibilities. The common notion of a cloud insider as a rogue administrator of a service provider is discussed, but we also present two additional cloudrelated insider risks: the insider who exploits a cloud-related vulnerability to steal information from a cloud system, and the insider who uses cloud systems to carry out an attack on an employer's local resources. We also characterize a hierarchy of administrators within cloud service providers, give examples of attacks from real insider threat cases, and show how the nature of cloud systems architectures enables attacks to succeed. Finally, we discuss our position on future cloud research.

show abstract

Section: A Socio-technical Approaches and Predictive Modelsmentioning

confidence: 98%

Insider Threats to Cloud Computing: Directions for New Research Challenges

Claycomb

Nicoll

2012

2012 IEEE 36th Annual Computer Software and Applications Conference

108

View full text Add to dashboard Cite

show abstract

“…With so many controls available, the task for the security manager to select the best security package to implement is quite difficult. Insider security strategies, or approaches, have been developed to guide the security manager's focus in order to achieve a stronger security system as a whole [6,9,[33][34][35][36][37][38][39][40][41]. Some state where along the threat pathway the opportunity to stop the perpetrator is greatest.…”

Section: Introductionmentioning

confidence: 99%

“…This would enable them to prioritise their investments and customise their security arrangements to meet the organisation's needs. Security solutions should be guided by a conceptual framework that takes into account the various insider types, as well as how security controls interact to reduce insider risk along the various threat pathways [10,26,37,44,45].…”

Section: Introductionmentioning

confidence: 99%

A Risk-Based Framework to Inform Prioritisation of Security Investment for Insider Threats

Sektas-Bilusich¹,

Nunes-Vaz²,

Chim³

et al. 2020

IJSSE

View full text Add to dashboard Cite

Threats to information security from inside an organisation are difficult to manage as insiders, by definition, have legitimate access to the organisation's information, consistent with their roles. Impacts of insider threats range from minor information compromise perhaps through carelessness, to catastrophic financial and reputational damage. Security managers are required to continually upgrade security measures to reduce the risk posed by insider threats, however with so many security controls to choose from, finding optimal security solutions based on benefit-cost is challenging. We have developed a risk-based framework called Security-in-Depth (SiD) where residual risk is the metric that assists the security manager to make informed decisions on which security packages contribute more to the organisation's security objectives. We present a case study to illustrate the way our framework is applied, customised to manage a range of insider threats. Uncertainties about the future threat spectrum and the future effectiveness of controls are included in the framework to inform the decisionmaking process.

show abstract

“…This would enable them to prioritise their investments and to customise their security arrangements to meet the organisation's needs. Security arrangements should be guided by a conceptual framework that takes account of the insider category, as well as the way that security controls interact to reduce insider risk along the threat pathway [15], [22], [31], [38]. Low incidence rates combined with high potential impact suggest that risk management techniques are a relevant, and arguably the most appropriate, framework for insider management [15], [22], [31], [39].…”

Section: Introductionmentioning

confidence: 99%

There Is No Single Solution to the ‘Insider’ Problem but There Is a Valuable Way Forward

et al. 2018

View full text Add to dashboard Cite

The threat posed by insiders deliberately or inadvertently misusing their knowledge and access to sensitive information is a major security challenge. Finding effective, acceptable and affordable ways to manage the insider threat is non-trivial, involving the use of controls that range from technical to procedural. To make matters worse, insider activities range from inadvertent or accidental disclosure, through deliberate damage caused by disgruntled employees, to the pre-positioned mole who may undermine the organisation's viability or purpose. The same controls will have different levels of effectiveness for each of these insider types. Based on these factors, attempting to find a single, optimised, universal solution to insider threats is illogical. However, the literature still contains statements such as 'deterrence is the best approach for insiders'. There are dangers for security managers in drawing broad conclusions across the insider threat spectrum based on statements like these. Insider threats typically have a distribution of incidents where there are many of small consequence coexisting with a small number of incidents with very large consequences. This suggests that risk management techniques are a relevant, and arguably the most appropriate, framework for insider management. We have developed and applied a risk-based framework to model the spectrum of insider threat types, to enable the decision maker to determine the relative security effectiveness of alternative solutions. It allows decision makers to prioritise security investment to achieve the greatest benefit-cost using residual risk as the performance metric. Our framework provides a traceable and accountable method for organisations to balance their investments in controls, according to the complex spectrum of insider activity they are dealing with. They may also extend the approach, using robust analysis, to manage their uncertainties. Our framework supports security managers in customising security for their organisation based on its unique requirements.

show abstract

Insider Threat Security Reference Architecture

Cited by 5 publications

References 2 publications

Insider Threats to Cloud Computing: Directions for New Research Challenges

Insider Threats to Cloud Computing: Directions for New Research Challenges

A Risk-Based Framework to Inform Prioritisation of Security Investment for Insider Threats

There Is No Single Solution to the ‘Insider’ Problem but There Is a Valuable Way Forward

Contact Info

Product

Resources

About