Toward a Generic Model of Security in an Organizational Context: Exploring Insider Threats to Information Infrastructure

Behavioral and policy issues in information systems security: The insider threat

European Journal of Information Systems, 2009

Modern global economic and political conditions, technological infrastructure, and socio-cultural developments all contribute to an increasingly turbulent and dynamic environment for organizations, which maintain information systems (IS) for use in business, government, and other domains. As our institutions (economic, political, military, legal, social) become increasingly global and inter-connected; as we rely more on automated control systems to provide us with energy and services; and as we establish internet-based mechanisms for coordinating this global interaction, we introduce greater vulnerability to our systems and processes. This increased dependence on cyberspace also inflates our vulnerability; isolation is no longer an option. Perhaps no aspect of this phenomenon is as alarming and challenging as the need to understand and address the various risks to the security of the IS on which we depend.

Inside and out? The Information Security Threat From Insiders

This paper studies the management of information and knowledge flows for decision support in crisis situations. Especially, the paper addresses the information needs of strategic-level decision-makers in military organizations. The authors present the results of an empirical study carried out in Finland last year. The results contain general requirements and a definition of the information contents of a strategic-level decision support system for the Finnish Defence Forces. The authors contrast these results with a system model of situation awareness. The model consists of information and knowledge categories and processes required for decision-making in crisis situations. Currently a prototype of a decision support system based on the system model and the results of the empirical study is under development.

Insider threat: a potential challenges for the information security domain

The growth of insider threat is ever expanding its proliferation in information technology sectors; managing such a threat is one of the most exquisite challenges for information security professionals, as well as one of the earnest duties of the board members and executives of the company concerned. The insiders have the exceptional privilege of accessing various vital information and information systems in the organization; they do sometimes misuse such privilege for a great many reasons. Our studies depict that such a threat can cause unbounded destruction to the business of the organization and make the situation highly exacerbated for an organization trying to achieve its objectives. In this paper we deliver the results of an empirical study which shows what the several reasons are that tend to turn the insider of an organization hostile, the various methods used by insiders to carry out IT sabotage, and also the various measures we researched that are used to deter, detect and mitigate malicious insider threats.

The insider threat to information systems and the effectiveness of ISO17799

Computers & Security, 2005

Insider threat is widely recognised as an issue of utmost importance for IS security management. In this paper, we investigate the approach followed by ISO17799, the dominant standard in IS security management, in addressing this type of threat. We unfold the criminology theory that has designated the measures against insider misuse suggested by the standard, i.e. the General Deterrence Theory, and explore the possible enhancements to the standard that could result from the study of more recent criminology theories. The paper concludes with supporting the argument for a multiparadigm and multidisciplinary approach towards IS security management and insider threat mitigation.

Insight into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures

ACM Computing Surveys, 2019

Insider threats are one of today's most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. In this work we propose structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research, while using existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include: 1) Incidents and datasets, 2) Analysis of incidents, 3) Simulations, and 4) Defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents, which is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers' efforts in the domain of insider threat, because it provides: a) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, b) an overview on publicly available datasets that can be used to test new detection solutions against other works, c) references of existing case studies and frameworks modeling insiders' behaviors for the purpose of reviewing defense solutions or extending their coverage, and d) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.

A Risk Management Approach to the “Insider Threat”

2010

Recent surveys indicate that the financial impact and operating losses due to insider intrusions are increasing. But these studies often disagree on what constitutes an “insider;” indeed, many define it only implicitly. In theory, appropriate selection of, and enforcement of, properly specified security policies should prevent legitimate users from abusing their access to computer systems, information, and other resources. However, even if policies could be expressed precisely, the natural mapping between the natural language expression of a security policy, and the expression of that policy in a form that can be implemented on a computer system or network, creates gaps in enforcement. This paper defines “insider” precisely, in terms of these gaps, and explores an access-based model for analyzing threats that include those usually termed “insider threats.” This model enables an organization to order its resources based on the business value for that resource and of the information it contains. By identifying those users with access to high-value resources, we obtain an ordered list of users who can cause the greatest amount of damage. Concurrently with this, we examine psychological indicators in order to determine which users are at the greatest risk of acting inappropriately. We conclude by examining how to merge this model with one of forensic logging and auditing.

Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat

2014 Workshop on Socio-Technical Aspects in Security and Trust, 2014

An enterprise's information security policy is an exceptionally important control as it provides the employees of an organisation with details of what is expected of them, and what they can expect from the organisation's security teams, as well as informing the culture within that organisation. The threat from accidental insiders is a reality across all enterprises and can be extremely damaging to the systems, data and reputation of an organisation. Recent industry reports and academic literature underline the fact that the risk of accidental insider compromise is potentially more pressing than that posed by a malicious insider. In this paper we focus on the ability of enterprises' information security policies to mitigate the accidental insider threat. Specifically we perform an analysis of real-world cases of accidental insider threat to define the key reasons, actions and impacts of these events, captured as a grounded insider threat classification scheme. This scheme is then used to perform a review of a set of organisational security policies to highlight their strengths and weaknesses when considering the prevention of incidents of accidental insider compromise. We present a set of questions that can be used to analyse an existing security policy to help control the risk of the accidental insider threat.

Enemies within: Redefining the insider threat in organizational security policy

Security Journal, 2012

The critical importance of electronic information exchanges in the daily operation of most large modern organizations is causing them to broaden their security provision to include the custodians of exchanged data, the insiders. The prevailing data loss threat model mainly focuses upon the criminal outsider and mainly regards the insider threat as 'outsiders by proxy', thus shaping the relationship between the worker and workplace in information security policy. A policy that increasingly takes the form of social policy for the information age as it acquires the power to include and exclude sections of society and potentially to re-stratify it? This article draws upon empirical sources to critically explore the insider threat in organizations. It looks at the prevailing threat model before deconstructing 'the insider' into various risk profiles, including the well-meaning insider, before drawing conclusions about what the building blocks of information security policy around the insider might be.