Special attention is paid to the definitions and taxonomies of the insider threat. We present a structural taxonomy of insider threat incidents, which is based on existing taxonomies and the 5W1H questions of the information gathering problem. The proposed categorization depicts the workflow among particular categories that include: 1) Incidents and datasets, 2) Analysis of incidents, 3) Simulations, and 4) Defense solutions. The objective of our categorization is to systematize knowledge in insider threat research, while using the existing grounded theory method for rigorous literature review. In this work we propose a structural taxonomy and a novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. Insider threats are one of today's most challenging cybersecurity issues that are not well addressed by commonly employed security solutions.

Keywords: Cybersecurity, Professor Paul Pantani, CERT, malicious, insider, IDS, SIEMS, FIM, RBAC, ABAC, behavioral, peer, precursors, access, authentication, predictive, analytics, system, dynamics, demographics

Other methods include conduct of a comprehensive Malicious Insider risk assessment, selective monitoring of employees in response to behavioral precursors, minimizing unknown access paths, control of the organization’s production software baseline, and effective use of peer reporting. Some of the procedural and technical methods include definition of, follow through, and consistent application of corporate, and dealing with adverse events indigenous to the business environment. Techniques for detecting and mitigating the threat are available and can be effectively applied. Dealing effectively with the threat involves managing the dynamic interaction between employees, their work environment and work associates, the systems with which they interact, and organizational policies and procedures.
The results reveal that addressing the Malicious Insider threat is much more than just a technical issue. The purpose of this research was to investigate who constitutes MI threats, why and how they initiate attacks, the extent to which MI activity can be modeled or predicted, and to suggest some risk mitigation strategies. In spite of the damage they cause, there are indications that the seriousness of insider incidents is underappreciated by management. Although incidents initiated by malicious insiders are fewer in number than those initiated by external threats, insider incidents are more costly on average because the threat is already trusted by the organization and often has privileged access to the organization’s most sensitive information. Malicious Insider threats consist of employees, contractors, or business partners who either have current authorized access, or have had authorized access, to an organization’s critical information and have intentionally misused that access in a manner that compromised the organization.