Enemies within: Redefining the insider threat in organizational security policy
Related papers
Behavioral and policy issues in information systems security: The insider threat
European Journal of Information Systems, 2009
Modern global economic and political conditions, technological infrastructure, and socio-cultural developments all contribute to an increasingly turbulent and dynamic environment for organizations, which maintain information systems (IS) for use in business, government, and other domains. As our institutions (economic, political, military, legal, social) become increasingly global and inter-connected; as we rely more on automated control systems to provide us with energy and services; and as we establish internet-based mechanisms for coordinating this global interaction, we introduce greater vulnerability to our systems and processes. This increased dependence on cyberspace also inflates our vulnerability - isolation is no longer an option. Perhaps no aspect of this phenomenon is as alarming and challenging as the need to understand and address the various risks to the security of the IS on which we depend.
Insider threats in corporate environments: a case study for data leakage prevention
2012
Regardless of the established security controls that organizations have put in place to protect their digital assets, a rise in insider threats has been observed and particularly in incidents of data leakage. The importance of data as corporate assets is leading to a growing need for detection, prevention and mitigation of such violations by the organisations. In this paper we are investigating the different types of insider threats and their implications to the corporate environment, with specific emphasis to the special case ...
Insider threat: a potential challenges for the information security domain
The growth of the insider threat is ever expanding its proliferation in information technology sectors; managing such threats is one of the exquisite challenges for information security professionals, and it is also one of the earnest duties of the board members and executives of the company concerned. Insiders have the exceptional privilege of accessing various vital information and information systems in their organizations; they sometimes misuse such privilege for a great many reasons. Our studies show that such threats can cause unbounded destruction to the business of the organization and make it much harder for the organization to achieve its objectives. In this paper we deliver the results of an empirical study which shows the several reasons that lead an insider of an organization to turn hostile and the various methods used by insiders to carry out IT sabotage; we also researched various measures used to deter, detect and mitigate malicious insider threats.
Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat
2014 Workshop on Socio-Technical Aspects in Security and Trust, 2014
An enterprise's information security policy is an exceptionally important control as it provides the employees of an organisation with details of what is expected of them, and what they can expect from the organisation's security teams, as well as informing the culture within that organisation. The threat from accidental insiders is a reality across all enterprises and can be extremely damaging to the systems, data and reputation of an organisation. Recent industry reports and academic literature underline the fact that the risk of accidental insider compromise is potentially more pressing than that posed by a malicious insider. In this paper we focus on the ability of enterprises' information security policies to mitigate the accidental insider threat. Specifically we perform an analysis of real-world cases of accidental insider threat to define the key reasons, actions and impacts of these events - captured as a grounded insider threat classification scheme. This scheme is then used to perform a review of a set of organisational security policies to highlight their strengths and weaknesses when considering the prevention of incidents of accidental insider compromise. We present a set of questions that can be used to analyse an existing security policy to help control the risk of the accidental insider threat.
A Risk Management Approach to the “Insider Threat”
2010
Recent surveys indicate that the financial impact and operating losses due to insider intrusions are increasing. But these studies often disagree on what constitutes an “insider;” indeed, many define it only implicitly. In theory, appropriate selection of, and enforcement of, properly specified security policies should prevent legitimate users from abusing their access to computer systems, information, and other resources. However, even if policies could be expressed precisely, the natural mapping between the natural language expression of a security policy, and the expression of that policy in a form that can be implemented on a computer system or network, creates gaps in enforcement. This paper defines “insider” precisely, in terms of these gaps, and explores an access-based model for analyzing threats that include those usually termed “insider threats.” This model enables an organization to order its resources based on the business value for that resource and of the information it contains. By identifying those users with access to high-value resources, we obtain an ordered list of users who can cause the greatest amount of damage. Concurrently with this, we examine psychological indicators in order to determine which users are at the greatest risk of acting inappropriately. We conclude by examining how to merge this model with one of forensic logging and auditing.
Insider threats in Cyber Security: The enemy within the gates
ArXiv, 2019
Insider threats have become reality for civilian firms such as Tesla, which experienced sabotage and intellectual property theft, and Capital One, which suffered from fraud. Even greater social impact was caused by the data breach at the US Department of Defense, perpetrated by well-known attackers Chelsea Manning and Edward Snowden, whose espionage and hacktivist activities are widely known. The dramatic increase of such incidents in recent years and the incalculable damage committed by insiders must serve as a warning for all members of the cyber security community. It is no longer acceptable to continue to underestimate the problem of insider threats. Firms, organizations, institutions and governments need to lead and embrace a cultural change in their security posture. Through the adoption of an Insider Threat Program that engages all the strategic branches (including HR, Legal, Information Assurance, Cyber Security and Intelligence), coordinated by the chief information securit...
Organizational Vulnerability to Insider Threat
Communications in Computer and Information Science, 2016
Approaches to the study of organizational vulnerabilities to intentional insider threat have been narrow in focus. Cyber security research has dominated other forms of insider threat research [1]. However, within the scope of cyber security, the effort is predominantly focused on external threats or technological mitigation strategies. Deeper understanding of organizational vulnerabilities influencing insider threat and responses to insider threats beyond technological security remains limited in Australia. Despite the increasing potential threat and impact of such risk to organizations, empirical studies remain rare. This paper presents an initial study related to identifying organizational vulnerabilities associated with intentional insider threat. A Delphi Method was employed as part of a broader mixed methods study. There was a strong consensus amongst Australian experts as to the primary organizational vulnerabilities to insider threat. These main risks extend across personnel, process, technological and strategic (resource allocation) domains. The organizational vulnerabilities identified by Australian experts are consistent with research, literature, and guidelines available from other countries. The results confirm the need to look beyond the narrow focus on individuals and technology in order to fully address the insider threat problem. Whilst only preliminary results are presented here, future analysis of data will focus on identifying best practice solutions for the Australian market.
Understanding Insider Threat: A Framework for Characterising Attacks
2014 IEEE Security and Privacy Workshops, 2014
The threat that insiders pose to businesses, institutions and governmental organisations continues to be of serious concern. Recent industry surveys and academic literature provide unequivocal evidence to support the significance of this threat and its prevalence. Despite this, however, there is still no unifying framework to fully characterise insider attacks and to facilitate an understanding of the problem, its many components and how they all fit together. In this paper, we focus on this challenge and put forward a grounded framework for understanding and reflecting on the threat that insiders pose. Specifically, we propose a novel conceptualisation that is heavily grounded in insider-threat case studies, existing literature and relevant psychological theory. The framework identifies several key elements within the problem space, concentrating not only on noteworthy events and indicators - technical and behavioural - of potential attacks, but also on attackers (e.g., the motivation behind malicious threats and the human factors related to unintentional ones), and on the range of attacks being witnessed. The real value of our framework is in its emphasis on bringing together and defining clearly the various aspects of insider threat, all based on real-world cases and pertinent literature. This can therefore act as a platform for general understanding of the threat, and also for reflection, modelling past attacks and looking for useful patterns.
Insider threats in corporate environments
Proceedings of the Fifth Balkan Conference in Informatics on - BCI '12, 2012
Regardless of the established security controls that organizations have put in place to protect their digital assets, a rise in insider threats has been observed and particularly in incidents of data leakage. The importance of data as corporate assets is leading to a growing need for detection, prevention and mitigation of such violations by the organisations. In this paper we are investigating the different types of insider threats and their implications to the corporate environment, with specific emphasis to the special case of data leakage. Organisations should evaluate the risk they are facing due to insider threats and establish proactive measures towards this direction. In response to the challenging problem of identifying insider threats, we design a forensic readiness model, which is able to identify, prevent and log email messages, which attempt to leak information from an organisation with the aid of steganography.