Title :
From Insider Threats to Business Processes that are Secure-by-Design
Author :
Gollmann, Dieter
Author_Institution :
Hamburg Univ. of Technol., Hamburg, Germany
fDate :
Nov. 30 2011-Dec. 2 2011
Abstract :
Summary form only given. The observations that security is not an add-on feature and that insiders pose a considerable security threat have both been familiar in the security community for a long time. Attempts to deal with insider threats are not new either. Relevant techniques such as separation of duties are part of the standard toolset of security practitioners. However, it may well be true that in the past most countermeasures against insider threats belonged to the social and not to the technical domain. With increasing automation and IT support for business processes this approach is reaching its limits, as are approaches that just add-on IT security to business processes. This talk will argue that defending against insider threats is in fact just one aspect of designing secure organisational (business) processes, and that one has to start at the design of the processes within an organization to make progress in dealing with insider threat.
Keywords :
business data processing; organisational aspects; security of data; add-on IT security; business process; insider threat; organisational process; secure-by-design; security community; security threat; Artificial intelligence; Collaboration; Communities; Organizations; Security; Standards organizations;
Conference_Titel :
Intelligent Networking and Collaborative Systems (INCoS), 2011 Third International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4577-1908-0
DOI :
10.1109/INCoS.2011.175
