A Study on Analyzing Risk Scenarios About Vulnerabilities of Security Monitoring System: Focused on Information Leakage by Insider
Information leakage by insiders results in financial losses and ethical issues, and thus affects business sustainability as well as corporate reputation. In Korea, information leakage by insiders accounts for about 80% of security incidents. Most companies establish preventive and prohibitive security policies. Nevertheless, security incidents continue to occur. Such restrictive security policies inhibit work efficiency or lead employees to perceive security negatively. Because of these problems, the capability to rapidly detect signs of leakage is required. Security monitoring is an essential activity for detecting the signs of information leakage. This study is an exploratory case study that analyzes the current state of security monitoring operated by three companies in Korea and provides some risk scenarios about information leakage. For the case analysis, this study collected each company’s security policy, the systems linked with its security monitoring system, and the system logs used. As a result, this study identified vulnerabilities that are difficult to detect with the current security monitoring systems, and derived 4 risk scenarios that are likely to occur in the future. The results of this study will be useful for companies that are planning to establish an effective security monitoring system.
Keywords: Insider threat, Information leakage, Security monitoring
This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2018-2014-1-00636) supervised by the IITP (Institute for Information & communications Technology Promotion).