A Risk Management Approach to the “Insider Threat”

Bishop, Matt; Engle, Sophie; Frincke, Deborah A.; Gates, Carrie; Greitzer, Frank L.; Peisert, Sean; Whalen, Sean

doi:10.1007/978-1-4419-7133-3_6

Cited by 21 publications

(14 citation statements)

References 24 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bishop et al [13], [14] propose a graduated notion of insiderness. They introduce a hierarchy of policy abstractions, and argue that the discrepancies between the different layers of abstraction are useful for identifying insider threats.…”

Section: A Motivating Studiesmentioning

confidence: 99%

Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data

Azaria

Richardson

Kraus

et al. 2014

IEEE Trans. Comput. Soc. Syst.

110

View full text Add to dashboard Cite

The problem of insider threat is receiving increasing attention both within the computer science community as well as government and industry. This paper starts by presenting a broad, multidisciplinary survey of insider threat capturing contributions from computer scientists, psychologists, criminologists, and security practitioners. Subsequently, we present the behavioral analysis of insider threat (BAIT) framework, in which we conduct a detailed experiment involving 795 subjects on Amazon Mechanical Turk (AMT) in order to gauge the behaviors that real human subjects follow when attempting to exfiltrate data from within an organization. In the real world, the number of actual insiders found is very small, so supervised machine-learning methods encounter a challenge. Unlike past works, we develop bootstrapping algorithms that learn from highly imbalanced data, mostly unlabeled, and almost no history of user behavior from an insider threat perspective. We develop and evaluate seven algorithms using BAIT and show that they can produce a realistic (and acceptable) balance of precision and recall.

show abstract

Section: A Motivating Studiesmentioning

confidence: 99%

Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data

Azaria

Richardson

Kraus

et al. 2014

IEEE Trans. Comput. Soc. Syst.

110

View full text Add to dashboard Cite

show abstract

“…115-137. 17 Bishop et al, 2010. 18 Imperva, Insiders: The Threat Is Already Within, Hacker Intelligence Initiative Report, Redwood Shores, Calif., 2016.…”

Section: Does the Us Government Consider Security Negligence A Formmentioning

confidence: 99%

Assessing Continuous Evaluation Approaches for Insider Threats: How Can the Security Posture of the U.S. Departments and Agencies Be Improved?

Luckey¹,

Stebbins²,

Orrie³

et al. 2019

View full text Add to dashboard Cite

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions. The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest.RAND's publications do not necessarily reflect the opinions of its research clients and sponsors. Support RANDMake a tax-deductible charitable contribution at www.rand.org/giving/contribute www.rand.org For more information on this publication, visit www.rand.org/t/RR2684Library of Congress Cataloging-in-Publication Data is available for this publication.

show abstract

“…Park and Giordano [25] reverse the Hu et al approach, analyzing a user's behavior and checking that it is as expected. Several researchers [26]- [28] incorporate risk assessment into an extended access control framework, adapting user privileges based on role, attributes, and level of trust, which drops when a user's behavior becomes suspicions. Other work extends the RBAC model by focusing on generalized attributes of people and data, and placing the insider threat in the context of modeling policies using layers of abstraction [29], [30].…”

Section: Related Workmentioning

confidence: 99%

Insider Threat Identification by Process Analysis

Bishop

Conboy

Phan

et al. 2014

2014 IEEE Security and Privacy Workshops

Self Cite

View full text Add to dashboard Cite

Abstract-The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential "insider"). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we first describe how a process works in formal terms. We then look at the agents who are carrying out particular tasks, perform different analyses to determine how the process can be compromised, and suggest countermeasures that can be incorporated into the process model to improve its resistance to insider attack.

show abstract

A Risk Management Approach to the “Insider Threat”

Cited by 21 publications

References 24 publications

Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data

Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data

Assessing Continuous Evaluation Approaches for Insider Threats: How Can the Security Posture of the U.S. Departments and Agencies Be Improved?

Insider Threat Identification by Process Analysis

Contact Info

Product

Resources

About