Insider threat-insider problem

Reference no: EM131939677

Please paraphrase the below

Abstract

The insider threat has received considerable attention, and is often cited as the most serious security problem. It is also considered the most difficult problem to deal with, because an "insider" has information and capabilities not known to external attackers. The difficulty in handling the insider threat is reasonable under those circumstances; if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved? This chapter presents some aspects of insider threats.

1 Introduction

The "insider threat" or "insider problem" has received considerable attention [2, 13], and is cited as the most serious security problem in many studies. It is also considered the most difficult problem to deal with, because an "insider" has information and capabilities not known to other, external attackers. However, the term "insider threat" is usually either not defined at all, or defined nebulously.

The difficulty in handling the insider threat is reasonable under those circumstances; if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved? It is noteworthy that, despite this imponderability, definitions of the insider threat still have some common elements. For example, a workshop report [4] defined the problem as malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems. Elsewhere, that same report defined an insider as someone with access, privilege, or knowledge of information systems and services. Another report [12] implicitly defined an insider as anyone operating inside the security perimeter, while already the assumption of only having a single security perimeter may be optimistic.

Insiders and Insider Threats

One of the most urgent quests for communities dealing with insider threats is identifying the characteristic features of an insider. One approach for doing so is to look at recent insider threat cases, and try to find individual or common properties. This is an important step, since insider threat cases can be rather diverging.

To be able to deal with cases so divergent, one clearly needs 1) a common vision of how insiders can be categorized; and 2) security policies for countering insider threats, and ways to evaluate the impact of alternative security policies.

From analyzing cases several approaches to identifying an insider can be developed:

  • An insider is defined with respect to a resource, leading to "degrees of insider-ness";
  • An insider is somebody with legitimate access to resources;
  • An insider is a wholly or partially trusted subject;
  • An insider is an individual who has or had access to resources;
  • An insider is a system user who can misuse privileges;
  • An insider is an individual with authorized access who might attempt unauthorized removal or sabotage of critical assets or who could aid outsiders in doing so; and
  • An insider is a person or company whom we trust.

These definitions immediately lead to a series of discussions on what is meant by "access" (code, credentials, timing of access rights), whether an insider is sufficiently defined based on resources or whether a definition should take the system into account, and how the definition relates to a masquerader, namely an outsider being able to trick a system into believing he is an insider. Exploring these aspects enables us to reason about what makes a good insider:

  • Knowledge, intent, motivation;
  • Possesses power to act as agent of the business;
  • Knowledge of underlying business IT platforms;
  • Knowledge/control over IT security controls; and
  • Ability to incur liability in pecuniary terms or in brand damage or other intangible terms.

The skill of insiders is also an important factor defining the threat posed by malicious insiders, or non-malicious insiders just trying to get their job done. "Motivation" in general is an important question when dealing with insider threats and their consequences. This can cover the whole range from "innocent action", "fun", "technical challenge", "criminal intentions", to "espionage", or a combination of each of these factors. Surprisingly, even though one would expect the contrary, the effect of actions can be equally devastating for each of these motivations. This, of course, makes detecting a threat even more important, but also more complicated. A key observation is that the definition of an insider for threat purposes is different than the definition for business purposes.

Based on the aspects defined above, one can in turn decide how to define an insider, namely in terms of someone with:

  • Knowledge: Implies an open system, one that remains secure (if at all) even with full knowledge of the system operation; alternatively, security through obscurity; or
  • Trust: An individual is empowered by the organization to be an insider; or
  • Access: An insider is in possession of a credential giving access to the system - an IT centric perspective, since the system in general does not know who possesses the credential.
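The three lenses above (knowledge, trust, access) and the "degrees of insider-ness" mentioned earlier, applied to constructed sample subjects in an added Python example that is not part of the chapter; the resource, its ACL, the subjects and the degree score are assumptions of the example. It shows where the IT-centric access lens and the organizational trust lens disagree: a masquerader holding a stolen credential, a former employee whose token was never revoked, and a trusted vendor with no credential.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List, Optional

@dataclass(frozen=True)
class Subject:
    name: str
    credentials: FrozenSet[str]        # what the subject can present to the system
    trusted: bool                      # organization has empowered this person
    knows_system: bool                 # knowledge of the IT platform and its controls
    trust_ends: Optional[date] = None  # when the organization's trust lapses, if ever

# Constructed sample: the credentials one resource's ACL accepts (assumption of the example).
RESOURCE_ACL: Dict[str, FrozenSet[str]] = {"payroll-db": frozenset({"hr-badge", "dba-token"})}

def insider_by_access(s: Subject, resource: str) -> bool:
    """Access lens (IT-centric): the system sees only a credential, not who holds it."""
    return bool(s.credentials & RESOURCE_ACL[resource])

def insider_by_trust(s: Subject, today: date) -> bool:
    """Trust lens: empowered by the organization, and that empowerment has not lapsed."""
    return s.trusted and (s.trust_ends is None or today < s.trust_ends)

def classify(s: Subject, resource: str, today: date) -> Dict[str, object]:
    """Apply all three lenses; 'degree' counts how many of them call the subject an insider."""
    lenses = {
        "access": insider_by_access(s, resource),
        "trust": insider_by_trust(s, today),
        "knowledge": s.knows_system,
    }
    # Degree of insider-ness with respect to this resource: 0 (outsider) to 3 (full insider).
    return {**lenses, "degree": sum(lenses.values())}

def lens_disagreements(subjects: List[Subject], resource: str, today: date) -> List[str]:
    """Subjects whom the access lens and the trust lens classify differently."""
    return [s.name for s in subjects
            if insider_by_access(s, resource) != insider_by_trust(s, today)]

# Constructed subjects, all evaluated against payroll-db on the same day.
TODAY = date(2024, 3, 1)
ALICE = Subject("alice (HR clerk)", frozenset({"hr-badge"}), True, True)
MALLORY = Subject("mallory (masquerader, stolen badge)", frozenset({"hr-badge"}), False, False)
BOB = Subject("bob (ex-DBA, token never revoked)", frozenset({"dba-token"}), True, True, date(2024, 1, 31))
VENDOR = Subject("vendor (trusted, no payroll credential)", frozenset(), True, True)
SUBJECTS = [ALICE, MALLORY, BOB, VENDOR]

if __name__ == "__main__":
    for s in SUBJECTS:
        print(s.name, classify(s, "payroll-db", TODAY))
    print("access and trust lenses disagree on:", lens_disagreements(SUBJECTS, "payroll-db", TODAY))
```

Only alice scores 3; the access lens alone would admit mallory and bob as insiders and exclude the vendor, which is the gap a credential-only definition leaves for detection and deprovisioning.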

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd