Modeling Insider Threat Types in Cyber Organizations

被引：0

作者：

Santos, Eunice E. ^{[1
]}

Santos, Eugene, Jr. ^{[2
]}

Korah, John ^{[1
]}

Thompson, Jeremy E. ^{[2
]}

Murugappan, Vairavan ^{[1
]}

Subramanian, Suresh ^{[1
]}

Zhao, Yan ^{[2
]}

机构：

[1] IIT, Dept Comp Sci, Chicago, IL 60616 USA

[2] Dartmouth Coll, Thayer Sch Engn, Hanover, NH 03755 USA

来源：

2017 IEEE INTERNATIONAL SYMPOSIUM ON TECHNOLOGIES FOR HOMELAND SECURITY (HST) | 2017年

关键词：

Bayesian knowledge bases (BKBs); insider threat; computational modeling; behavioral modeling; social modeling; trust; manipulation; cyber security;

D O I：

暂无

中图分类号：

TM [电工技术]; TN [电子技术、通信技术];

学科分类号：

0808 ; 0809 ;

摘要：

Insider threats can cause immense damage to organizations of different types, including government, corporate, and non-profit organizations. Being an insider, however, does not necessarily equate to being a threat. Effectively identifying valid threats, and assessing the type of threat an insider presents, remain difficult challenges. In this work, we propose a novel breakdown of eight insider threat types, identified by using three insider traits: predictability, susceptibility, and awareness. In addition to presenting this framework for insider threat types, we implement a computational model to demonstrate the viability of our framework with synthetic scenarios devised after reviewing real world insider threat case studies. The results yield useful insights into how further investigation might proceed to reveal how best to gauge predictability, susceptibility, and awareness, and precisely how they relate to the eight insider types.

引用

页数：7

共 50 条

[41] Threat modeling state of practice in Dutch organizations
Verreydt, Stef
Yskout, Koen
Sion, Laurens
Joosen, Wouter
PROCEEDINGS OF THE TWENTIETH SYMPOSIUM ON USABLE PRIVACY AND SECURITY, SOUPS 2024, 2024, : 473 - 486
[42] The insider threat ‘zoo’
Renaud K.
Warkentin M.
Computer Fraud and Security, 2024, 2024 (05):
[43] Enterprise Cyber Threat Modeling and Simulation of Loss Events for Cyber Risk Quantification
Ellerhold, Christian
Schnagl, Johann
Schreck, Thomas
PROCEEDINGS OF THE 2023 CLOUD COMPUTING SECURITY WORKSHOP, CCSW 2023, 2023, : 17 - 29
[44] Danger of the insider threat
Infosecurity, 2007, 2 (05)
[45] Addressing the insider threat
Application Security Inc
Netw. Secur., 2008, 3 (11-14):
[46] Reflections on the insider threat
Pfleeger, Charles P.
INSIDER ATTACK AND CYBER SECURITY: BEYOND THE HACKER, 2008, 39 : 5 - 15
[47] Threat Modeling of Cyber-Physical Systems in Practice
Jamil, Ameerah-Muhsinah
Ben Othmane, Lotfi
Valani, Altaz
RISKS AND SECURITY OF INTERNET AND SYSTEMS (CRISIS 2021), 2022, 13204 : 3 - 19
[48] Service-Oriented Modeling for Cyber Threat Analysis
Leune, Kees
Kim, Sung
PROCEEDINGS OF THE TENTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY, CODASPY 2020, 2020, : 150 - 152
[49] A Role Modeling Based Approach for Cyber Threat Analysis
Drouot, Bastien
Golra, Fahad R.
Champeau, Joel
MODEL-DRIVEN ENGINEERING AND SOFTWARE DEVELOPMENT, MODELSWARD 2019, 2020, 1161 : 76 - 100
[50] Integrating Cyber Deception Into Attribute-Based Access Control (ABAC) for Insider Threat Detection
Alohaly, Manar
Balogun, Olusesi
Takabi, Daniel
IEEE ACCESS, 2022, 10 : 108965 - 108978

← 1 2 3 4 5 →