Title :
Decision Support Procedure in the Insider Threat Domain
Author :
Murphy, J.P. ; Berk, V.H. ; Gregorio-de Souza, I.
Author_Institution :
Thayer Sch. of Eng., Dartmouth Coll., Hanover, NH, USA
Abstract :
Effective mitigation of the Insider Threat in complex organizations is not simply a matter of 'fire-and-forget'. Thorough routines are required to minimize the chances of malicious insiders going undetected. While detecting policy violations and signatures of known-bad behavior are essential to a broader threat mitigation strategy, it is clear that behavior-based measurements, including anomaly detection and social network analysis, will be crucial to detecting technically savvy malicious users with legitimate network and data access. Due to the large number of potentially malicious behaviors users may display, the main thrust of detection falls in the hands of an analyst capable of correlating these behaviors. Based on our BANDIT system, we offer a 10-step analyst program, which offers a common-sense approach to limiting the damage a malicious trusted user can achieve.
Keywords :
decision support systems; security of data; social networking (online); BANDIT system; anomaly detection; behavior based measurements; complex organizations; decision support procedure; fire-and-forget matter; insider threat domain; malicious insiders; malicious users; policy violations; social network analysis; threat mitigation strategy; Context; Detectors; Documentation; Measurement; Organizations; Security; behavioral anomaly detection; insider threat; risk mitigation;
Conference_Title :
Security and Privacy Workshops (SPW), 2012 IEEE Symposium on
Conference_Location :
San Francisco, CA
Print_ISBN :
978-1-4673-2157-0
DOI :
10.1109/SPW.2012.17