Academic literature on the topic 'Insider threat'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Insider threat.'

Journal articles on the topic "Insider threat"

1

Alsowail, Rakan A., and Taher Al-Shehari. "A Multi-Tiered Framework for Insider Threat Prevention." Electronics 10, no. 9 (April 22, 2021): 1005. http://dx.doi.org/10.3390/electronics10091005.

Abstract:
As technologies are rapidly evolving and becoming a crucial part of our lives, security and privacy issues have been increasing significantly. Public and private organizations have highly confidential data, such as bank accounts, military and business secrets, etc. Currently, the competition between organizations is significantly higher than before, which triggers sensitive organizations to spend an excessive volume of their budget to keep their assets secured from potential threats. Insider threats are more dangerous than external ones, as insiders have a legitimate access to their organization’s assets. Thus, previous approaches focused on some individual factors to address insider threat problems (e.g., technical profiling), but a broader integrative perspective is needed. In this paper, we propose a unified framework that incorporates various factors of the insider threat context (technical, psychological, behavioral and cognitive). The framework is based on a multi-tiered approach that encompasses pre, in and post-countermeasures to address insider threats in an all-encompassing perspective. It considers multiple factors that surround the lifespan of insiders’ employment, from the pre-joining of insiders to an organization until after they leave. The framework is utilized on real-world insider threat cases. It is also compared with previous work to highlight how our framework extends and complements the existing frameworks. The real value of our framework is that it brings together the various aspects of insider threat problems based on real-world cases and relevant literature. This can therefore act as a platform for general understanding of insider threat problems, and pave the way to model a holistic insider threat prevention system.
2

Mohammad, Nur Ameera Natasha, Warusia Mohamed Yassin, Rabiah Ahmad, Aslinda Hassan, and Mohammed Nasser Ahmed Al Mhiqani. "An Insider Threat Categorization Framework for Automated Manufacturing Execution System." International Journal of Innovation in Enterprise System 3, no. 02 (July 31, 2019): 31–41. http://dx.doi.org/10.25124/ijies.v3i02.38.

Abstract:
Insider threats have become one of the most dangerous threats in the cyber world compared to outsiders, as insiders have knowledge of assets. In addition, the threats themselves are considered invisible, and no one can predict what, when and how exactly a threat is launched. Based on the literature, threats in Automated Manufacturing Execution Systems (AMESs) can be divided into three principal factors. Moreover, no standard framework exists today to refer to for categorizing such factors in order to identify possible insider threat features. Therefore, from the literature, a standard theoretical categorization framework of insider threats for AMESs has been proposed. Three principal factors, i.e. Human, Systems and Machine, are considered the major categories of insider threats. The possible features for each factor are identified based on previous researchers' recommendations. By identifying possible features and categorizing them into principal factors or groups, a standard framework can be derived. This framework will be of benefit specifically in the manufacturing field as a reference to mitigate insider threats. Keywords—automated manufacturing execution systems insider threats, factors and features, insider threat categorization framework.
3

Hu, Teng, Bangzhou Xin, Xiaolei Liu, Ting Chen, Kangyi Ding, and Xiaosong Zhang. "Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats." Sensors 20, no. 18 (September 16, 2020): 5297. http://dx.doi.org/10.3390/s20185297.

Abstract:
Insider threats have always been one of the most severe challenges to cybersecurity. They can lead to the destruction of the organisation’s internal network system and information leakage, which seriously threatens the confidentiality, integrity and availability of data. To make matters worse, since the attacker has authorized access to the internal network, they can launch the attack from the inside and erase their attack trace, which makes tracking and forensics challenging. A blockchain traceability system for insider threats is proposed in this paper to mitigate the issue. First, this paper constructs an insider threat model of the internal network from a different perspective: insider attack forensics and preventing the insider attacker from escaping. Then, we analyze why it is difficult to track attackers and obtain evidence when an insider threat has occurred. After that, the blockchain traceability system is designed in terms of data structure, transaction structure, block structure, consensus algorithm, data storage algorithm, and query algorithm, while using differential privacy to protect user privacy. We deployed this blockchain traceability system and conducted experiments, and the results show that it can achieve the goal of mitigating insider threats.
4

Al-Mhiqani, Mohammed Nasser, Rabiah Ahmad, Z. Zainal Abidin, Warusia Yassin, Aslinda Hassan, Karrar Hameed Abdulkareem, Nabeel Salih Ali, and Zahri Yunos. "A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations." Applied Sciences 10, no. 15 (July 28, 2020): 5208. http://dx.doi.org/10.3390/app10155208.

Abstract:
Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.
5

Nasser Al-mhiqani, Mohammed, Rabiah Ahmad, Zaheera Zainal Abidin, Warusia Yassin, Aslinda Hassan, and Ameera Natasha Mohammad. "New insider threat detection method based on recurrent neural networks." Indonesian Journal of Electrical Engineering and Computer Science 17, no. 3 (March 1, 2020): 1474. http://dx.doi.org/10.11591/ijeecs.v17.i3.pp1474-1479.

Abstract:
Insider threat is a significant challenge in cybersecurity. In comparison with outside attackers, inside attackers have more privileges and legitimate access to information and facilities that can cause considerable damage to an organization. Most organizations that implement traditional cybersecurity techniques, such as intrusion detection systems, fail to detect insider threats given the lack of extensive knowledge on insider behavior patterns. However, a sophisticated method is necessary for an in-depth understanding of insider activities that the insider performs in the organization. In this study, we propose a new conceptual method for insider threat detection on the basis of the behaviors of an insider. In addition, gated recurrent unit neural network will be explored further to enhance the insider threat detector. This method will identify the optimal behavioral pattern of insider actions.
6

Adikari, Swini. "Countering the Threat of Nuclear Terrorism Arising from Malicious Insiders." Global Affairs Review 1, no. 2 (June 15, 2021): 1–18. http://dx.doi.org/10.51330/gar.0020214.

Abstract:
Nuclear theft from malicious insiders is a significant threat to Pakistan’s nuclear weapons arsenal. Pakistan is a member of the Convention of the Physical Protection of Nuclear Material (CPPNM), which is an international agreement that adheres to the protection of nuclear materials and the recovery of stolen nuclear materials. However, this agreement does not specifically take into account the risk of security breaches arising from malicious insiders due to Pakistan’s rapidly growing nuclear arsenal. The purpose of this paper is to examine the heightened risk of insider threats in conjunction with Pakistan’s increasing nuclear force structure. The first section of the paper examines the history of the development of Pakistan’s nuclear weapons programme and discusses Pakistan’s current nuclear force structure. The second section examines the international and domestic policies that Pakistan follows to address the issue of insider threats to Pakistan’s nuclear facilities. The final section proposes two policy alternatives to address Pakistan’s growing insider threat risks and outlines how the Design Basis Threat assessment is the most effective solution for Pakistan’s growing insider threat.
7

Kim, Park, Kim, Cho, and Kang. "Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms." Applied Sciences 9, no. 19 (September 25, 2019): 4018. http://dx.doi.org/10.3390/app9194018.

Abstract:
Insider threats are malicious activities by authorized users, such as theft of intellectual property or security information, fraud, and sabotage. Although the number of insider threats is much lower than external network attacks, insider threats can cause extensive damage. As insiders are very familiar with an organization’s system, it is very difficult to detect their malicious behavior. Traditional insider-threat detection methods focus on rule-based approaches built by domain experts, but they are neither flexible nor robust. In this paper, we propose insider-threat detection methods based on user behavior modeling and anomaly detection algorithms. Based on user log data, we constructed three types of datasets: user’s daily activity summary, e-mail contents topic distribution, and user’s weekly e-mail communication history. Then, we applied four anomaly detection algorithms and their combinations to detect malicious activities. Experimental results indicate that the proposed framework can work well for imbalanced datasets in which there are only a few insider threats and where no domain experts’ knowledge is provided.
8

Soleh, Musdi Muhammad. "A Study Case in NTMC POLRI: Reducing Data Breach Risk from Insider Threats by Using Risk IT Framework." ACMIT Proceedings 3, no. 1 (March 18, 2019): 171–79. http://dx.doi.org/10.33555/acmit.v3i1.41.

Abstract:
Risk comes not only from external threats; it also comes from inside, from internal actors. Vormetric Insider Threat mentioned that of 800 surveyed enterprise companies, 89% are vulnerable to insider attacks [1]. It mentioned that data breach is the highest risk to companies caused by insider threats. This paper will analyse insider attacks; the Risk IT framework will be used to reduce and prevent these vulnerabilities in valuable assets.
9

Yilmaz, Erhan, and Ozgu Can. "Unveiling Shadows: Harnessing Artificial Intelligence for Insider Threat Detection." Engineering, Technology & Applied Science Research 14, no. 2 (April 2, 2024): 13341–46. http://dx.doi.org/10.48084/etasr.6911.

Abstract:
Insider threats pose a significant risk to organizations, necessitating robust detection mechanisms to safeguard against potential damage. Traditional methods struggle to detect insider threats operating within authorized access. Therefore, the use of Artificial Intelligence (AI) techniques is essential. This study aimed to provide valuable insights for insider threat research by synthesizing advanced AI methodologies that offer promising avenues to enhance organizational cybersecurity defenses. For this purpose, this paper explores the intersection of AI and insider threat detection by acknowledging organizations' challenges in identifying and preventing malicious activities by insiders. In this context, the limitations of traditional methods are recognized, and AI techniques, including user behavior analytics, Natural Language Processing (NLP), Large Language Models (LLMs), and Graph-based approaches, are investigated as potential solutions to provide more effective detection mechanisms. For this purpose, this paper addresses challenges such as the scarcity of insider threat datasets, privacy concerns, and the evolving nature of employee behavior. This study contributes to the field by investigating the feasibility of AI techniques to detect insider threats and presents feasible approaches to strengthening organizational cybersecurity defenses against them. In addition, the paper outlines future research directions in the field by focusing on the importance of multimodal data analysis, human-centric approaches, privacy-preserving techniques, and explainable AI.
10

Kim, Jung Hwan, Chul Min Kim, and Man-Sung Yim. "An Investigation of Insider Threat Mitigation Based on EEG Signal Classification." Sensors 20, no. 21 (November 8, 2020): 6365. http://dx.doi.org/10.3390/s20216365.

Abstract:
This study proposes a scheme to identify insider threats in nuclear facilities through the detection of malicious intentions of potential insiders using subject-wise classification. Based on electroencephalography (EEG) signals, a classification model was developed to identify whether a subject has a malicious intention under scenarios of being forced to become an insider threat. The model also distinguishes insider threat scenarios from everyday conflict scenarios. To support model development, 21-channel EEG signals were measured on 25 healthy subjects, and sets of features were extracted from the time, time–frequency, frequency and nonlinear domains. To select the best use of the available features, automatic selection was performed by random-forest-based algorithms. The k-nearest neighbor, support vector machine with radial kernel, naïve Bayes, and multilayer perceptron algorithms were applied for the classification. By using EEG signals obtained while contemplating becoming an insider threat, the subject-wise model identified malicious intentions with 78.57% accuracy. The model also distinguished insider threat scenarios from everyday conflict scenarios with 93.47% accuracy. These findings could be utilized to support the development of insider threat mitigation systems along with existing trustworthiness assessments in the nuclear industry.

Dissertations / Theses on the topic "Insider threat"

1

Munshi, Asmaa Mahdi. "A study of insider threat behaviour: developing a holistic insider threat model." Thesis, Curtin University, 2013. http://hdl.handle.net/20.500.11937/1668.

Abstract:
This study investigates the factors that influence the insider threat behaviour. The research aims to develop a holistic view of insider threat behaviour and ways to manage it. This research adopts an Explanatory Mixed Methods approach for the research process. Firstly, the researcher collects the quantitative data and then the qualitative data. In the first phase, the holistic insider threat model is developed; in the second phase, best practices are developed to manage the threat.
2

Black, Alan. "Managing the aviation insider threat." Thesis, Monterey, California. Naval Postgraduate School, 2010. http://hdl.handle.net/10945/5039.

Abstract:
CHDS State/Local
Approved for public release; distribution is unlimited
Despite enhancements to aviation security since September 11, 2001, there remain vulnerabilities from employees at airports. This threat results from airline/airport employees that have access to sensitive and restricted areas during the normal course of their required duties. This thesis evaluates the threat and the measures in place to prevent attacks from aviation insiders. In addition, it evaluates a measure commonly referred to as 100 percent employee screening. Finally, the thesis derives recommendations to enhance the current methods to reduce the vulnerability, as well as proposes additional measures to further reduce the threat from aviation insiders.
3

Schluderberg, Larry E. "Addressing the cybersecurity Malicious Insider threat." Thesis, Utica College, 2015. http://pqdtopen.proquest.com/#viewpdf?dispub=1571095.

Abstract:

Malicious Insider threats consist of employees, contractors, or business partners who either have current authorized access, or have had authorized access to an organization's critical information and have intentionally misused that access in a manner that compromised the organization. Although incidents initiated by malicious insiders are fewer in number than those initiated by external threats, insider incidents are more costly on average because the threat is already trusted by the organization and often has privileged access to the organization's most sensitive information. In spite of the damage they cause there are indications that the seriousness of insider incidents are underappreciated as threats by management. The purpose of this research was to investigate who constitutes MI threats, why and how they initiate attacks, the extent to which MI activity can be modeled or predicted, and to suggest some risk mitigation strategies. The results reveal that addressing the Malicious Insider threat is much more than just a technical issue. Dealing effectively with the threat involves managing the dynamic interaction between employees, their work environment and work associates, the systems with which they interact, and organizational policies and procedures. Techniques for detecting and mitigating the threat are available and can be effectively applied. Some of the procedural and technical methods include definition of, follow through, and consistent application of corporate, and dealing with adverse events indigenous to the business environment. Other methods include conduct of a comprehensive Malicious Insider risk assessment, selective monitoring of employees in response to behavioral precursors, minimizing unknown access paths, control of the organization's production software baseline, and effective use of peer reporting.

Keywords: Cybersecurity, Professor Paul Pantani, CERT, insider, threat, IDS, SIEMS, FIM, RBAC, ABAC, behavioral, peer, precursors, access, authentication, predictive, analytics, system, dynamics, demographics.

4

McKinney, Steven. "Insider Threat: User Identification Via Process Profiling." NCSU, 2008. http://www.lib.ncsu.edu/theses/available/etd-05092008-154325/.

Abstract:
The issue of insider threat is one that organizations have dealt with for many years. Insider threat research began in the early 80's, but has yet to provide satisfactory results despite the fact that insiders pose a greater threat to organizations than external attackers. One of the key issues relating to this problem is that the amount of collectable data is enormous and it is currently impossible to analyze all of it, for each insider, in a timely manner. The purpose of this research is to analyze a portion of this collectable data, process usage, and determine if this data is useful in identifying insiders. Identification of the person controlling the workstation is useful in environments where workstations are left unattended, even for a short amount of time. To do this, we developed an insider threat detection system based on the Naive Bayes method which examines process usage data and creates individual profiles for users. By comparing collected data to these profiles we are able to determine who is controlling the workstation with high accuracy. We are able to achieve true positive rates of 96% while maintaining fewer than 0.5% false positives.
5

Magklaras, Georgios Vasilios. "An insider misuse threat detection and prediction language." Thesis, University of Plymouth, 2012. http://hdl.handle.net/10026.1/1024.

Abstract:
Numerous studies indicate that amongst the various types of security threats, the problem of insider misuse of IT systems can have serious consequences for the health of computing infrastructures. Although incidents of external origin are also dangerous, the insider IT misuse problem is difficult to address for a number of reasons. A fundamental reason that makes the problem mitigation difficult relates to the level of trust legitimate users possess inside the organization. The trust factor makes it difficult to detect threats originating from the actions and credentials of individual users. An equally important difficulty in the process of mitigating insider IT threats is based on the variability of the problem. The nature of Insider IT misuse varies amongst organizations. Hence, the problem of expressing what constitutes a threat, as well as the process of detecting and predicting it are non trivial tasks that add up to the multi-factorial nature of insider IT misuse. This thesis is concerned with the process of systematizing the specification of insider threats, focusing on their system-level detection and prediction. The design of suitable user audit mechanisms and semantics form a Domain Specific Language to detect and predict insider misuse incidents. As a result, the thesis proposes in detail ways to construct standardized descriptions (signatures) of insider threat incidents, as means of aiding researchers and IT system experts mitigate the problem of insider IT misuse. The produced audit engine (LUARM – Logging User Actions in Relational Mode) and the Insider Threat Prediction and Specification Language (ITPSL) are two utilities that can be added to the IT insider misuse mitigation arsenal. LUARM is a novel audit engine designed specifically to address the needs of monitoring insider actions. These needs cannot be met by traditional open source audit utilities.
ITPSL is an XML based markup that can standardize the description of incidents and threats and thus make use of the LUARM audit data. Its novelty lies on the fact that it can be used to detect as well as predict instances of threats, a task that has not been achieved to this date by a domain specific language to address threats. The research project evaluated the produced language using a cyber-misuse experiment approach derived from real world misuse incident data. The results of the experiment showed that the ITPSL and its associated audit engine LUARM provide a good foundation for insider threat specification and prediction. Some language deficiencies relate to the fact that the insider threat specification process requires a good knowledge of the software applications used in a computer system. As the language is easily expandable, future developments to improve the language towards this direction are suggested.
6

Rocha, Francisco. "Insider threat : memory confidentiality and integrity in the cloud." Thesis, University of Newcastle upon Tyne, 2015. http://hdl.handle.net/10443/2960.

Abstract:
The advantages of always available services, such as remote device backup or data storage, have helped the widespread adoption of cloud computing. However, cloud computing services challenge the traditional boundary between trusted inside and untrusted outside. A consumer’s data and applications are no longer in premises, fundamentally changing the scope of an insider threat. This thesis looks at the security risks associated with an insider threat. Specifically, we look into the critical challenge of assuring data confidentiality and integrity for the execution of arbitrary software in a consumer’s virtual machine. The problem arises from having multiple virtual machines sharing hardware resources in the same physical host, while an administrator is granted elevated privileges over such host. We used an empirical approach to collect evidence of the existence of this security problem and implemented a prototype of a novel prevention mechanism for such a problem. Finally, we propose a trustworthy cloud architecture which uses the security properties our prevention mechanism guarantees as a building block. To collect the evidence required to demonstrate how an insider threat can become a security problem to a cloud computing infrastructure, we performed a set of attacks targeting the three most commonly used virtualization software solutions. These attacks attempt to compromise data confidentiality and integrity of cloud consumers’ data. The prototype to evaluate our novel prevention mechanism was implemented in the Xen hypervisor and tested against known attacks. The prototype we implemented focuses on applying restrictions to the permissive memory access model currently in use in the most relevant virtualization software solutions. We envision the use of a mandatory memory access control model in the virtualization software. 
This model enforces the principle of least privilege to memory access, which means cloud administrators are assigned with only enough privileges to successfully perform their administrative tasks. Although the changes we suggest to the virtualization layer make it more restrictive, our solution is versatile enough to port all the functionality available in current virtualization solutions. Therefore, our trustworthy cloud architecture guarantees data confidentiality and integrity and achieves a more transparent trustworthy cloud ecosystem while preserving functionality. Our results show that a malicious insider can compromise security sensitive data in the three most important commercial virtualization software solutions. These virtualization solutions are publicly available and the number of cloud servers using these solutions accounts for the majority of the virtualization market. The prevention mechanism prototype we designed and implemented guarantees data confidentiality and integrity against such attacks and reduces the trusted computing base of the virtualization layer. These results indicate how current virtualization solutions need to reconsider their view on insider threats.
7

Elmrabit, Nebrase. "A multiple-perspective approach for insider-threat risk prediction in cyber-security." Thesis, Loughborough University, 2018. https://dspace.lboro.ac.uk/2134/36243.

Abstract:
Currently governments and research communities are concentrating on insider threat matters more than ever, the main reason for this is that the effect of a malicious insider threat is greater than before. Moreover, leaks and the selling of the mass data have become easier, with the use of the dark web. Malicious insiders can leak confidential data while remaining anonymous. Our approach describes the information gained by looking into insider security threats from the multiple perspective concepts that is based on an integrated three-dimensional approach. The three dimensions are human issue, technology factor, and organisation aspect that forms one risk prediction solution. In the first part of this thesis, we give an overview of the various basic characteristics of insider cyber-security threats. We also consider current approaches and controls of mitigating the level of such threats by broadly classifying them in two categories: a) technical mitigation approaches, and b) non-technical mitigation approaches. We review case studies of insider crimes to understand how authorised users could harm their organisations by dividing these cases into seven groups based on insider threat categories as follows: a) insider IT sabotage, b) insider IT fraud, c) insider theft of intellectual property, d) insider social engineering, e) unintentional insider threat incident, f) insider in cloud computing, and g) insider national security. In the second part of this thesis, we present a novel approach to predict malicious insider threats before the breach takes place. A prediction model was first developed based on the outcomes of the research literature which highlighted main prediction factors with the insider indicator variables. Then Bayesian network statistical methods were used to implement and test the proposed model by using dummy data. A survey was conducted to collect real data from a single organisation. 
Then a risk level and prediction for each authorised user within the organisation were analysed and measured. Dynamic Bayesian network model was also proposed in this thesis to predict insider threats for a period of time, based on data collected and analysed on different time scales by adding time series factors to the previous model. Results of the verification test comparing the output of 61 cases from the education sector prediction model show a good consistence. The correlation was generally around R-squared =0.87 which indicates an acceptable fit in this area of research. From the result we expected that the approach will be a useful tool for security experts. It provides organisations with an insider threat risk assessment to each authorised user and also organisations can discover their weakness area that needs attention in dealing with insider threat. Moreover, we expect the model to be useful to the researcher's community as the basis for understanding and future research.
8

Callahan, Christopher J. "Security information and event management tools and insider threat detection." Thesis, Monterey, California: Naval Postgraduate School, 2013. http://hdl.handle.net/10945/37596.

Abstract:
Approved for public release; distribution is unlimited
Malicious insider activities on military networks can pose a threat to military operations. Early identification of malicious insiders assists in preventing significant damage and reduces the overall insider threat to military networks. Security Information and Event Management (SIEM) tools can be used to identify potential malicious insider activities. SIEM tools provide the ability to normalize and correlate log data from multiple sources on networks. Personnel background investigations and administrative action information can provide data sources for SIEM tools in order to assist in early identification of the insider threat by correlating this information with the individual's online activities. This thesis provides background information on the components and functionality of SIEM tools, summarizes historic insider threat cases to determine common motivations, provides an overview of military security investigations and administrative actions in order to determine candidate sources for SIEM correlation, and provides an overview of common methods of data exfiltration by malicious insiders. This information is then used to develop an example SIEM architecture that highlights how the military can use a SIEM to identify and prevent potential internal insider threats by correlating an individual's network activities with background investigation and administrative action information.
APA, Harvard, Vancouver, ISO, and other styles
9

Jenkins, Jeffrey Lyne. "Alleviating Insider Threats: Mitigation Strategies and Detection Techniques." Diss., The University of Arizona, 2013. http://hdl.handle.net/10150/297023.

Abstract:
Insider threats--trusted members of an organization who compromise security--are considered the greatest security threat to organizations. Because of ignorance, negligence, or malicious intent, insider threats may cause security breaches resulting in substantial damages to organizations and even society. This research helps alleviate the insider threat through developing mitigation strategies and detection techniques in three studies. Study 1 examines how security controls--specifically depth-of-authentication and training recency--alleviate non-malicious insider threats through encouraging secure behavior (i.e., compliance with an organization's security policy). I found that 'simpler is better' when implementing security controls, the effects of training diminish rapidly, and intentions are poor predictors of actual secure behavior. Extending Study 1's finding on training recency, Study 2 explains how different types of training alleviate non-malicious insider threat activities. I found that just-in-time reminders are more effective than traditional training programs in improving secure behavior, and again that intentions are not an adequate predictor of actual secure behavior. Both Study 1 and Study 2 introduce effective mitigation strategies for alleviating the non-malicious insider threat; however, they have limited utility when an insider threat has malicious intention, or deliberate intentions to damage the organization. To address this limitation, Study 3 conducts research to develop a tool for detecting malicious insider threats. The tool monitors mouse movements during an insider threat screening survey to detect when respondents are being deceptive. I found that mouse movements are diagnostic of deception. Future research directions are discussed to integrate and extend the findings presented in this dissertation to develop a behavioral information security framework for alleviating both the non-malicious and malicious insider threats in organizations.
10

Hashem, Yassir. "Multi-Modal Insider Threat Detection and Prevention based on Users' Behaviors." Thesis, University of North Texas, 2008. https://digital.library.unt.edu/ark:/67531/metadc1248460/.

Abstract:
Insider threat is one of the greatest concerns for information security that could cause more significant financial losses and damages than any other attack. However, implementing an efficient detection system is a very challenging task. It has long been recognized that solutions to insider threats are mainly user-centric and several psychological and psychosocial models have been proposed. A user's psychophysiological behavior measures can provide an excellent source of information for detecting user's malicious behaviors and mitigating insider threats. In this dissertation, we propose a multi-modal framework based on the user's psychophysiological measures and computer-based behaviors to distinguish between a user's behaviors during regular activities versus malicious activities. We utilize several psychophysiological measures such as electroencephalogram (EEG), electrocardiogram (ECG), and eye movement and pupil behaviors along with the computer-based behaviors such as the mouse movement dynamics, and keystrokes dynamics to build our framework for detecting malicious insiders. We conduct human subject experiments to capture the psychophysiological measures and the computer-based behaviors for a group of participants while performing several computer-based activities in different scenarios. We analyze the behavioral measures, extract useful features, and evaluate their capability in detecting insider threats. We investigate each measure separately, then we use data fusion techniques to build two modules and a comprehensive multi-modal framework. The first module combines the synchronized EEG and ECG psychophysiological measures, and the second module combines the eye movement and pupil behaviors with the computer-based behaviors to detect the malicious insiders. The multi-modal framework utilizes all the measures and behaviors in one model to achieve better detection accuracy. 
Our findings demonstrate that psychophysiological measures can reveal valuable knowledge about a user's malicious intent and can be used as an effective indicator in designing insider threat monitoring and detection frameworks. Our work lays out the necessary foundation to establish a new generation of insider threat detection and mitigation mechanisms that are based on a user's involuntary behaviors, such as psychophysiological measures, and learn from the real-time data to determine whether a user is malicious.

Books on the topic "Insider threat"

1

Managing the insider threat: No dark corners. Boca Raton, FL: CRC Press, 2012.

2

Godse, Vinayak. The threat within: A study on insider threat by DSCI in collaboration with PwC. New Delhi: Data Security Council of India, 2011.

3

1954-, Hoffman Bruce, United States. Dept. of Energy., and Rand Corporation, eds. Insider crime: The threat to nuclear facilities and programs. Santa Monica, CA: Rand Corp., 1990.

4

1939-, Anderson Robert H., United States. Advanced Research and Development Activity, and Rand Corporation, eds. Understanding the insider threat: Proceedings of a March 2004 workshop. Santa Monica, CA: RAND, 2004.

5

United States. Department of Homeland Security. Office of Inspector General. Examining insider threat risk at the U.S. Citizenship and Immigration Services. Washington, DC: U.S. Dept. of Homeland Security, Office of Inspector General, 2011.

6

Insider threat: A guide to understanding, detecting, and defending against the enemy from within. Ely, Cambridgeshire, United Kingdom: IT Governance Publishing, 2016.

7

United States. Department of Homeland Security. Office of Inspector General. Transportation Security Administration has taken steps to address the insider threat but challenges remain (redacted). Washington, DC: Department of Homeland Security, Office of Inspector General, 2012.

8

United States. Department of Homeland Security. Office of Inspector General. U.S. Customs and Border Protection has taken steps to address insider threat, but challenges remain (redacted). Washington, DC: Department of Homeland Security, Office of Inspector General, 2013.

9

Carneiro, Anabela. Market power, dismissal threat and rent sharing: The role of insider and outsider forces in wage bargaining. Bonn, Germany: IZA, 2006.

10

Ocasio, William. Failure-induced change and threat-rigidity under economic adversity: The case of insider vs. outsider CEO succession. Cambridge, Mass: Alfred P. Sloan School of Management, Massachusetts Institute of Technology, 1993.


Book chapters on the topic "Insider threat"

1

Bore, James. "Insider Threat." In Advanced Sciences and Technologies for Security Applications, 431–50. Cham: Springer International Publishing, 2020. http://dx.doi.org/10.1007/978-3-030-35746-7_19.

2

Williams, Adam D., Shannon N. Abbott, and Adriane C. Littlefield. "Insider Threat." In Encyclopedia of Security and Emergency Management, 1–8. Cham: Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-319-69891-5_156-1.

3

Williams, Adam D., Shannon N. Abbott, and Adriane C. Littlefield. "Insider Threat." In Encyclopedia of Security and Emergency Management, 1–8. Cham: Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-319-69891-5_156-2.

4

Bishop, Matt. "Insider Threat." In Encyclopedia of Cryptography, Security and Privacy, 1–4. Berlin, Heidelberg: Springer Berlin Heidelberg, 2021. http://dx.doi.org/10.1007/978-3-642-27739-9_1586-1.

5

Williams, Adam D., Shannon N. Abbott, and Adriane C. Littlefield. "Insider Threat." In Encyclopedia of Security and Emergency Management, 450–57. Cham: Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-319-70488-3_156.

6

Sims, Shane. "Insider Threat Investigations." In Springer’s Forensic Laboratory Science Series, 45–51. Totowa, NJ: Humana Press, 2010. http://dx.doi.org/10.1007/978-1-60761-772-3_4.

7

Ayala, Luis. "Hospital Insider Threat." In Cybersecurity for Hospitals and Healthcare Facilities, 47–51. Berkeley, CA: Apress, 2016. http://dx.doi.org/10.1007/978-1-4842-2155-6_5.

8

Stolfo, Salvatore J., Brian M. Bowen, and Malek Ben Salem. "Insider Threat Defense." In Encyclopedia of Cryptography and Security, 609–11. Boston, MA: Springer US, 2011. http://dx.doi.org/10.1007/978-1-4419-5906-5_904.

9

Tagg, Gary L. "The Insider Threat." In Computer Security Handbook, 13.1–13.12. Hoboken, NJ, USA: John Wiley & Sons, Inc., 2015. http://dx.doi.org/10.1002/9781118851678.ch13.

10

Moallem, Abbas. "Insider Threat Protection." In Understanding Cybersecurity Technologies, 135–42. Boca Raton: CRC Press, 2021. http://dx.doi.org/10.1201/9781003038429-14.


Conference papers on the topic "Insider threat"

1

Ho, Shuyuan Mary, Hengyi Fu, Shashanka S. Timmarajus, Cheryl Booth, Jung Hoon Baeg, and Muye Liu. "Insider Threat." In SIGMIS-CPR '15: 2015 Computers and People Research Conference. New York, NY, USA: ACM, 2015. http://dx.doi.org/10.1145/2751957.2751978.

2

Bishop, Matt, Kara Nance, and Jason Clark. "Introduction to Inside the Insider Threat Minitrack." In Hawaii International Conference on System Sciences. Hawaii International Conference on System Sciences, 2017. http://dx.doi.org/10.24251/hicss.2017.318.

3

Bishop, Matt, Kara Nance, and William Claycomb. "Introduction to the Inside the Insider Threat Minitrack." In 2016 49th Hawaii International Conference on System Sciences (HICSS). IEEE, 2016. http://dx.doi.org/10.1109/hicss.2016.342.

4

Bishop, Matt, and Carrie Gates. "Defining the insider threat." In the 4th annual workshop. New York, New York, USA: ACM Press, 2008. http://dx.doi.org/10.1145/1413140.1413158.

5

Castiglione, Aniello, Arcangelo Castiglione, Alfredo De Santis, Barbara Masucci, Francesco Palmieri, and Raffaele Pizzolante. "Novel Insider Threat Techniques." In CCS'15: The 22nd ACM Conference on Computer and Communications Security. New York, NY, USA: ACM, 2015. http://dx.doi.org/10.1145/2808783.2808789.

6

Mundie, David A., Sam Perl, and Carly L. Huth. "Toward an Ontology for Insider Threat Research: Varieties of Insider Threat Definitions." In 2013 3rd International Workshop on Socio-Technical Aspects in Security and Trust (STAST). IEEE, 2013. http://dx.doi.org/10.1109/stast.2013.14.

7

Clark, Jason, Matt Bishop, and Frank Greitzer. "Introduction to the Minitrack on Inside the Insider Threat." In Hawaii International Conference on System Sciences. Hawaii International Conference on System Sciences, 2020. http://dx.doi.org/10.24251/hicss.2020.272.

8

Young, William T., Alex Memory, Henry G. Goldberg, and Ted E. Senator. "Detecting Unknown Insider Threat Scenarios." In 2014 IEEE Security and Privacy Workshops (SPW). IEEE, 2014. http://dx.doi.org/10.1109/spw.2014.42.

9

Goldberg, Henry, William Young, Matthew Reardon, Brian Phillips, and Ted Senator. "Insider Threat Detection in PRODIGAL." In Hawaii International Conference on System Sciences. Hawaii International Conference on System Sciences, 2017. http://dx.doi.org/10.24251/hicss.2017.320.

10

Montelibano, Joji, and Andrew Moore. "Insider Threat Security Reference Architecture." In 2012 45th Hawaii International Conference on System Sciences (HICSS). IEEE, 2012. http://dx.doi.org/10.1109/hicss.2012.327.


Reports on the topic "Insider threat"

1

CALIFORNIA UNIV LOS ANGELES. DoD Insider Threat Mitigation. Fort Belvoir, VA: Defense Technical Information Center, January 1999. http://dx.doi.org/10.21236/ada385423.

2

Montelibano, Joji, and Andrew Moore. Insider Threat Security Reference Architecture. Fort Belvoir, VA: Defense Technical Information Center, April 2012. http://dx.doi.org/10.21236/ada609926.

3

Wong, F. Insider Threat Symposium Curated Questions. Office of Scientific and Technical Information (OSTI), February 2019. http://dx.doi.org/10.2172/1548366.

4

Maxion, R. A., K. M. Tan, S. S. Killourhy, and T. N. Townsend. Profiler-2000: Attacking the Insider Threat. Fort Belvoir, VA: Defense Technical Information Center, September 2005. http://dx.doi.org/10.21236/ada439600.

5

Gibbs, Philip, Robert Larsen, Mike O'Brien, and Jose Rodriquez. Insider Threat Mitigation Workshop Instructional Materials. Office of Scientific and Technical Information (OSTI), January 2008. http://dx.doi.org/10.2172/1170579.

6

Shevenell, Michael John. A Scalable HPC Insider Threat Monitoring System. Office of Scientific and Technical Information (OSTI), March 2018. http://dx.doi.org/10.2172/1489161.

7

Gibbs, Philip, Robert Larsen, Mike O'Brien, and Tom Edmunds. Advanced Insider Threat Mitigation Workshop Instructional Materials. Office of Scientific and Technical Information (OSTI), February 2009. http://dx.doi.org/10.2172/1167146.

8

Gibbs, Philip, Robert Larsen, Mike O'Brien, and Tom Edmunds. Advanced insider threat mitigation workshop instructional materials. Office of Scientific and Technical Information (OSTI), November 2008. http://dx.doi.org/10.2172/1167421.

9

Hanley, Michael, and Joji Montelibano. Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination. Fort Belvoir, VA: Defense Technical Information Center, October 2011. http://dx.doi.org/10.21236/ada610463.

10

Pope, Noah Gale, Martha Williams, Joel Lewis, and Thomas Pham. Taking Steps to Protect Against the Insider Threat. Office of Scientific and Technical Information (OSTI), October 2015. http://dx.doi.org/10.2172/1223757.
