Title :
M-Score: A Misuseability Weight Measure
Author :
Harel, Amir ; Shabtai, Asaf ; Rokach, Lior ; Elovici, Yuval
Author_Institution :
Dept. of Inf. Syst. Eng., Ben-Gurion Univ. of the Negev, Beer-Sheva, Israel
Abstract :
Detecting and preventing data leakage and data misuse poses a serious challenge for organizations, especially when dealing with insiders with legitimate permissions to access the organization´s systems and its critical data. In this paper, we present a new concept, Misuseability Weight, for estimating the risk emanating from data exposed to insiders. This concept focuses on assigning a score that represents the sensitivity level of the data exposed to the user and by that predicts the ability of the user to maliciously exploit this data. Then, we propose a new measure, the M-score, which assigns a misuseability weight to tabular data, discuss some of its properties, and demonstrate its usefulness in several leakage scenarios. One of the main challenges in applying the M-score measure is in acquiring the required knowledge from a domain expert. Therefore, we present and evaluate two approaches toward eliciting misuseability conceptions from the domain expert.
Keywords :
risk management; security of data; M-score measure; data leakage detection; data leakage prevention; data misuse detection; data misuse prevention; misuseability conception elicitation; misuseability weight measure; risk estimation; sensitivity level; Context; Data privacy; Databases; Feature extraction; Organizations; Sensitivity; Weight measurement; Data leakage; data misuse; misuseability weight.; security measures;
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2012.17
