Insider Threats in Cyber Security

By: Christian W. Probst, Jeffrey Hunker, Dieter Gollmann

Springer-Verlag, 2010

ISBN: 9781441971333, 244 pages

Format: PDF, Read online

Copy protection: DRM

Supported devices: Windows PC, Mac OS X, all DRM-capable eReaders, Apple iPad, Android tablet PCs. Read online on: Windows PC, Mac OS X, Linux

Price: 96,29 EUR



Table of Contents


Preface ... 6
Contents ... 7

Aspects of Insider Threats ... 12
  1 Introduction ... 12
  2 Insiders and Insider Threats ... 13
    2.1 Insider Threats ... 16
    2.2 Taxonomies ... 17
  3 Detection and Mitigation ... 18
  4 Policies ... 20
  5 Human Factors and Compliance ... 22
  6 Conclusion ... 24
  References ... 26

Combatting Insider Threats ... 27
  1 A Contextual View of Insiders and Insider Threats ... 27
  2 Risks of Insider Misuse ... 30
    2.1 Types of Insiders ... 30
    2.2 Types of Insider Misuse ... 31
  3 Threats, Vulnerabilities, and Risks ... 32
    3.1 Relevant Knowledge and Experience ... 33
    3.2 Exploitations of Vulnerabilities ... 34
    3.3 Potential Risks Resulting from Exploitations ... 35
  4 Countermeasures ... 35
    4.1 Specification of Sound Policies for Data Gathering and Monitoring ... 37
    4.2 Detection, Analysis, and Identification of Misuse ... 38
    4.3 Desired Responses to Detected Anomalies and Misuses ... 39
  5 Decomposition of Insider Misuse Problems ... 39
    5.1 Stages of Development and Use ... 40
    5.2 Extended Profiling Including Psychological and Other Factors ... 41
  6 Requirements for Insider-Threat-Resistant High-Integrity Elections ... 43
  7 Relevance of the Countermeasures to Elections ... 46
  8 Research and Development Needs ... 49
  9 Conclusions ... 50
  References ... 51

Insider Threat and Information Security Management ... 55
  1 Introduction ... 55
  2 Definitions of Insider and the Relevance to Information Security Management ... 56
  3 Risk and Insiderness ... 59
    3.1 The Importance of Organisational Culture and the Significance of Cultural Risks ... 61
    3.2 Fieldwork on Culture and the Insider Threat ... 61
  4 The Structure of the ISMS and Traditional Information Security Management Responses to Insiderness ... 63
    4.1 Analysis: Turning an ISMS Inwards ... 64
    4.2 The Role of Operationalisation ... 65
  5 Information Security Management Standards, Best Practice and the Insider Threat ... 66
    5.1 General Security Management Standards ... 66
    5.2 Guidelines Focused on the Management of the Insider Threat ... 67
    5.3 Analysis of the Contribution of Best Practice and Guidelines ... 70
  6 Crime Theories and Insider Threat ... 71
    6.1 Existing Connections between Crime Theories and Information Security Management ... 72
  7 Implications of Crime Theories for ISMS Design ... 73
    7.1 Application of SCP to the ISO Control Domains ... 74
    7.2 Implications for ISMS Process Design ... 76
    7.3 Summary of Crime Theory Contribution ... 78
  8 Conclusions ... 79
  References ... 80

A State of the Art Survey of Fraud Detection Technology ... 82
  1 Introduction ... 82
    1.1 Data Analysis Methodology ... 83
      1.1.1 General ... 83
      1.1.2 Procedure ... 84
  2 Survey of Technology for Fraud Detection in Practice ... 85
    2.1 General Approaches for Intrusion and Fraud Detection ... 85
    2.2 State of the Art of Fraud Detection Tools and Techniques ... 87
  3 Why Fraud Detection is not the Same as Intrusion Detection ... 89
  4 Challenges for Fraud Detection in Information Systems ... 91
  5 Summary ... 91
  Acknowledgements ... 92
  References ... 93

Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation ... 94
  1 Introduction ... 94
  2 Background ... 97
  3 Issues of Security and Privacy ... 100
  4 Predictive Modeling Approach ... 103
  5 Training Needs ... 115
  6 Conclusions and Research Challenges ... 118
  7 Acknowledgments ... 120
  References ... 120

A Risk Management Approach to the “Insider Threat” ... 123
  1 Introduction ... 124
  2 Insider Threat Assessment ... 125
    2.1 Example ... 128
    2.2 Summary ... 130
  3 Access-Based Assessment ... 130
  4 Psychological Indicator-Based Assessment ... 134
  5 Application of Risk to System Countermeasures ... 138
    5.1 Example ... 141
    5.2 Summary ... 143
  6 Conclusion ... 143
  References ... 143

Legally Sustainable Solutions for Privacy Issues in Collaborative Fraud Detection ... 146
  1 Introduction ... 146
  2 Monitoring Modern Distributed Systems ... 147
    2.1 Evidence Model ... 149
  3 Observing Fraudulent Service Behaviours ... 152
    3.1 Architectural Support ... 155
  4 Introduction to the Legal Perspective ... 156
  5 Basic Principles of Data Privacy Law ... 157
    5.1 A Set of Six Basic Rules ... 158
      5.1.1 Data Avoidance ... 158
      5.1.2 Transparency ... 159
      5.1.3 Purpose Specification and Binding ... 159
      5.1.4 Prohibition Without Explicit Permission ... 159
      5.1.5 Data Quality ... 160
      5.1.6 Data Security ... 160
  6 General Legal Requirements of Fraud Detection Systems ... 160
    6.1 Privacy Relevance of Fraud Detection Systems ... 161
    6.2 Necessary Data for Fraud Detection ... 161
    6.3 Transparency in the Fraud Detection Context ... 162
    6.4 Purpose Specification and Binding in Fraud Detection ... 162
    6.5 Permissibility of Fraud Detection ... 162
    6.6 Quality of Event Data ... 163
    6.7 Security of Event Data ... 163
  7 Technical Solutions for Privacy-respecting Fraud Detection ... 163
    7.1 Technical Requirements ... 164
      7.1.1 Requirements for Open Data ... 166
      7.1.2 Specific Requirements for Pseudonyms in Open Data ... 166
      7.1.3 Specific Requirements for Covered Data ... 167
    7.2 Lossless Information Reduction with Covered Data ... 168
    7.3 Lossy Information Reductions for Timestamps ... 168
      7.3.1 Architecture and Algorithm ... 169
      7.3.2 Limitations ... 170
      7.3.3 Evaluation ... 171
  8 Legal Improvements by Pseudonymizing Event Data ... 172
    8.1 Technical Description ... 172
    8.2 Privacy Relevance of Pseudonymized Event Data ... 173
    8.3 Strengthening the Data Privacy Official ... 174
    8.4 Disclosure With Legal Permission ... 174
    8.5 Data and System Security ... 175
  9 Conclusion ... 175
  Acknowledgements ... 176
  References ... 176

Towards an Access-Control Framework for Countering Insider Threats ... 179
  1 Introduction ... 179
  2 Motivation and related work ... 183
    2.1 Illustrative scenarios ... 183
    2.2 Definitions of insiders ... 185
    2.3 Access control ... 186
    2.4 The insider problem and access control ... 187
  3 Trust, trustworthiness, and the insider problem ... 188
    3.1 Insiderness ... 189
    3.2 Trust management and risk assessment ... 189
    3.3 Pragmatics of identifying suspicious events ... 190
  4 Toward a context- and insider-aware policy language ... 191
    4.1 Context and request predicates ... 192
    4.2 Requirements ... 192
    4.3 Policy transformations via declarative programming ... 193
    4.4 Discussion of requirements ... 194
    4.5 Policy transformations ... 195
    4.6 Risk- and trustworthiness-aware policy composition ... 196
  5 Access-control architectures and the insider problem ... 197
  6 Concluding remarks ... 198
  References ... 200

Monitoring Technologies for Mitigating Insider Threats ... 202
  1 Introduction ... 202
  2 Related Research ... 205
  3 Threat Model: Level of Sophistication of the Attacker ... 206
  4 Decoy Properties ... 207
  5 Architecture ... 212
    5.1 Decoy Document Distributor ... 212
    5.2 SONAR ... 213
    5.3 Decoys and Network Monitoring ... 213
    5.4 Host-based Sensors ... 216
  6 Concluding Remarks and Future Work ... 220
  Acknowledgments ... 221
  References ... 222

Insider Threat Specification as a Threat Mitigation Technique ... 223
  1 Introduction ... 223
    1.1 The Insider Threat Problem ... 224
  2 Background ... 225
    2.1 The Common Intrusion Specification Language ... 225
    2.2 Panoptis ... 229
  3 Insider Misuse Taxonomies and Threat Models ... 230
  4 The Scope of the Insider Threat Prediction Specification Language ... 241
    4.1 The Domain Specific Language Programming Paradigm ... 244
  5 Conclusion ... 246
  References ... 246