Modelling of Enterprise Insider Threats
Puloma Roy, Chandan Mazumdar
2015
Abstract
In this paper, a position has been taken to include the non-human active agents as insiders of an enterprise, as opposed to only human insiders as found in the literature. This eliminates the necessity of including the psycho-social and criminological behavioural traits to be incorporated in the management of insider threats. A framework of an Enterprise has been developed and it is shown that within the framework, both the human and non-human agents can be modelled as insider threats in a uniform manner. An example case has been analysed as supporting evidences for the point of view.
References
- Althebyan, Q., Panda, B., 2008. Performance Analysis of An Insider Threat Mitigation Model. In 3rd International Conference on Digital Information Management, ICDIM IEEE.
- Bishop, M., et. al, 2010. A Risk Management Approach To The “Insider Threat”. In The Insider Threats in Cyber Security, Advances in Information Security, SPRINGER.
- Bishop, M., Gates, C., 2008. We Have Met The Enemy And He Is Us. In The workshop on New security paradigms, ACM.
- Coles-Kemp, L., Theoharidou, M., 2010. Insider Threat and Information Security Management. In Insider Threats in Cyber Security, SPRINGER.
- CERT, 2013.Cyber Security Watch Survey, “How Bad Is the Insider Threat?”, Carnegie, Mellon University.
- Eberle,W., Holder, L., 2009. Insider Threat Detection Using Graph-Based Approaches. In Cyber security Applications & Technology Conference For Homeland Security, IEEE.
- Greitzer, FL., et. al, 2010. Identifying at-Risk Employees: A Behavioral Model for Predicting Potential Insider Threats. Pacific Northwest National Laboratory Richland, Washington.
- Greitzer, FL., et. al., 2009. Predictive Modeling for Insider Threat Mitigation. Pacific Northwest National Laboratory, Washington.
- Greitzer, FL., Hohimer, RE., 2011. Modeling Human Behavior to Anticipate InsiderAttacks. In Journal of Strategic Security, HMU.
- Meijer, E. And Kapoor, V, 2014. The Responsive Enterprise: Embracing the Hacker Way, Communications of the ACM.
- Moore, AP., et. al., 2009. Insider Theft Of Intellectual Property For Business Advantage: A Preliminary Model. In 1st International Workshop on Managing Insider Security Threats CERT Program, Software Engineering Institute and CyLab at Carnegie Mellon University.
- Legg, P., et. al, 2013. Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection, In Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, ISYOU.
- Moore, AP., et. al., 2011. .A Preliminary Model of Insider Theft of Intellectual Property. In Technical note Carnegie Mellon University, CERT.
- Nurse, J., et. al, 2014.Understanding Insider Threat: A Framework For Characterising Attacks, In Security and Privacy Workshops, IEEE.
- Pwc., 2013..Key findings from the 2013 US State of Cybercrime Survey.
- Shahbaz, M., Groz, R., 2009. Inferring Mealy Machines. In 2nd World Congress on Formal Methods, SPRINGER.
Paper Citation
in Harvard Style
Roy P. and Mazumdar C. (2015). Modelling of Enterprise Insider Threats . In Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-081-9, pages 132-136. DOI: 10.5220/0005327901320136
in Bibtex Style
@conference{icissp15,
author={Puloma Roy and Chandan Mazumdar},
title={Modelling of Enterprise Insider Threats},
booktitle={Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2015},
pages={132-136},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005327901320136},
isbn={978-989-758-081-9},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Modelling of Enterprise Insider Threats
SN - 978-989-758-081-9
AU - Roy P.
AU - Mazumdar C.
PY - 2015
SP - 132
EP - 136
DO - 10.5220/0005327901320136