Insider threat-insider problem

Reference no: EM131939677

Please paraphrase the below

Abstract

The insider threat has received considerable attention, and is often cited as the most serious security problem. It is also considered the most difficult problem to deal with, because an "insider" has information and capabilities not known to external attackers. The difficulty in handling the insider threat is reasonable under those circumstances; if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved? This chapter presents some aspects of insider threats

1 Introduction

The "insider threat" or "insider problem" has received considerable attention [2, 13], and is cited as the most serious security problem in many studies. It is also considered the most difficult problem to deal with, because an "insider" has information and capabilities not known to other, external attackers. However, the term "insider threat" is usually either not defined at all, or defined nebulously.

The difficulty in handling the insider threat is reasonable under those circumstances; if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved? It is noteworthy that, despite this imponderability, definitions of the insider threat still have some common elements. For example, a workshop report [4] defined the problem as malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems. Elsewhere, that same report defined an insider as someone with access, privilege, or knowledge of information systems and services. Another report [12] implicitly defined an insider as anyone operating inside the security perimeter - while already the assumption of only having a single security perimeter may be optimistic.

Insiders and Insider Threats

One of the most urgent quests for communities dealing with insider threats is identifying the characteristic features of an insider. One approach for doing so is to look at recent insider threat cases, and try to find individual or common properties. This is an important step, since insider threat cases can be rather divergent.

To be able to deal with cases so divergent, one clearly needs 1) a common vision of how insiders can be categorized; and 2) security policies for countering insider threats, and ways to evaluate the impact of alternative security policies.

From analyzing cases several approaches to identifying an insider can be developed:

  • An insider is defined with respect to a resource, leading to "degrees of insiderness";
  • An insider is somebody with legitimate access to resources;
  • An insider is a wholly or partially trusted subject;
  • An insider is an individual who has or had access to resources;
  • An insider is a system user who can misuse privileges;
  • An insider is an individual with authorized access who might attempt unauthorized removal or sabotage of critical assets or who could aid outsiders in doing so; and
  • An insider is a person or company whom we trust.

These definitions immediately lead to a series of discussions on what is meant by "access" (code, credentials, timing of access rights), whether an insider is sufficiently defined based on resources or whether a definition should take the system into account, and how the definition relates to a masquerader, namely an outsider being able to trick a system into believing he is an insider. Exploring these aspects enables us to reason about what makes a good insider:

  • Knowledge, intent, motivation;
  • Possesses power to act as agent of the business;
  • Knowledge of underlying business IT platforms;
  • Knowledge/control over IT security controls; and
  • Ability to incur liability in pecuniary terms or in brand damage or other intangible terms.

The skill of insiders is also an important factor defining the threat posed by malicious insiders, or non-malicious insiders just trying to get their job done. "Motivation" in general is an important question when dealing with insider threats and their consequences. This can cover the whole range from "innocent action", "fun", "technical challenge", "criminal intentions", to "espionage", or a combination of each of these factors. Surprisingly, even though one would expect the contrary, the effect of actions can be equally devastating for each of these motivations. This, of course, makes detecting a threat even more important - but also more complicated. A key observation is that the definition of an insider for threat purposes is different than the definition for business purposes.

Based on the aspects defined above, one can in turn decide how to define an insider, namely in terms of someone with:

  • Knowledge: Implies an open system, one that remains secure (if at all) even with full knowledge of the system operation; alternatively, security through obscurity; or
  • Trust: An individual is empowered by the organization to be an insider; or
  • Access: An insider is in possession of a credential giving access to the system - an IT centric perspective, since the system in general does not know who possesses the credential.
