Advertisement

Aspects of Insider Threats

  • Christian W. Probst
  • Jeffrey Hunker
  • Dieter Gollmann
  • Matt Bishop
Chapter
Part of the Advances in Information Security book series (ADIS, volume 49)

Abstract

The insider threat has received considerable attention, and is often cited as the most serious security problem. It is also considered the most difficult problem to deal with, because an “insider” has information and capabilities not known to external attackers. The difficulty in handling the insider threat is reasonable under those circumstances; if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved? This chapter presents some aspects of insider threats, collected at an inter-disciplinary workshop in 2008.

Keywords

Policy Language Security Policy Psychological Contract Inside Threat False Accusation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Binney v. Banner Therapy Products, 631 S.E. 2d 848, 850. North Carolina Court of Appeals (2006)Google Scholar
  2. 2.
    Bishop, M.: The Insider Problem Revisited. In: Proceedings of the New Security Paradigms Workshop 2005. ACM Press, Lake Arrowhead, CA, USA (2005)Google Scholar
  3. 3.
    Bishop, M., Engle, S., Peisert, S., Whalen, T., Gates, C.: Case studies of an insider framework. In: Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS) (2009)Google Scholar
  4. 4.
    Brackney, R.C., Anderson, R.H.: Understanding the insider threat : proceedings of a March 2004 workshop. RAND, Santa Monica, CA : (2004)Google Scholar
  5. 5.
    Cappelli, D.M., Moore, A.P., Shaw, E.D.: A Risk Mitigation Model: Lessons Learned From Actual Insider Sabotage. In: Computer Security Institute, 33rd Annual Computer Security Conference and Exhibition (2006)Google Scholar
  6. 6.
    Carlson, A.: The unifying policy hierarchy model. Master’s thesis, Department of Computer Science, University of California, Davis (2006)Google Scholar
  7. 7.
    Cha, A.E.: Even spies embrace china’s free market. Washington Post, February 15, 2008. Available from http://www.washingtonpost.com/wp-dyn/content/ article/2008/02/14/AR2008 0214 03550.html, last visited March 2010.
  8. 8.
    Hawley, C.: The liechtenstein connection—massive tax evasion scandal in germany. Spiegel Online International, 18 February 2008. Available from http://www.spiegel.de/ international/business/0, 1518, 5357 68, 00.html, last visited March 13, 2009.
  9. 9.
    Homepage of Dagstuhl Seminar 08302: "Countering Insider Threats". Available from http: //www.dagstuhl.de/08302, last visited December 4, 2008 (2008)
  10. 10.
    Keating, D.: Tax suspects guidance on software left d.c. at risk. Washington Post (2008)Google Scholar
  11. 11.
    Kirk, J.: Homeland security e-mail server turns into spam cannon. InfoWorld.com, October 4, 2007. Available from http://www.infoworld.com/d/security-central/ homeland-security-e-mail-server-turns-spam-cannon- 924, last visited March 2010.
  12. 12.
    Patzakis, J.: New incident response best practices: Patch and proceed is no longer acceptable incident response procedure. White Paper, Guidance Software, Pasadena, CA (2003)Google Scholar
  13. 13.
    Pfleeger, S.L., Stolfo, S.J.: Addressing the insider threat. IEEE Security and Privacy 7, 10–13 (2009). DOI http://doi.ieeecomputersociety.org/10.1109/MSP.2009.146 CrossRefGoogle Scholar
  14. 14.
    Predd, J., Pfleeger, S.L., Hunker, J., Bulford, C.: Insiders behaving badly. IEEE Security and Privacy 6, 66–70 (2008). DOI http://doi.ieeecomputersociety.org/10.1109/MSP.2008.87 Google Scholar
  15. 15.
    Schwartz, N.D., Bennhold, K.: A trader’s secrets, a bank’s missteps. New York Times, 5 February 2009, New York, USA.Google Scholar
  16. 16.
    Probst, C.W., Hunker, J.: The Risk of Risk Analysis-Audits relation to the Economics of Insider Threats, Proc. of the Eighth Workshop on the Economics of Information Security (WEIS 2009), June 2009.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Christian W. Probst
    • 1
  • Jeffrey Hunker
    • 2
  • Dieter Gollmann
    • 3
  • Matt Bishop
    • 4
  1. 1.Technical University of Denmark  
  2. 2.Jeffrey Hunker Associates  
  3. 3.Hamburg University of Technology  
  4. 4.University of California, Davis  

Personalised recommendations