Abstract
Information leakage by insiders results in financial losses and ethical issues, and thus affects business sustainability as well as corporate reputation. In Korea, information leakage by insiders accounts for about 80% of security incidents. Most companies establish preventive and prohibitive security policies. Nevertheless, security incidents continue to occur. Such restrictive security policies inhibit work efficiency or cause employees to perceive security negatively. Because of these problems, the capability to rapidly detect signs of leakage is required. To detect the signs of information leakage, security monitoring is an essential activity. This study is an exploratory case study that analyzed the current state of security monitoring operated by three companies in Korea and provides some risk scenarios about information leakage. For the case analysis, this study collected each company's security policy, the systems linked with the security monitoring system, and the system logs used. As a result, this study identified vulnerabilities that are difficult to detect with the current security monitoring systems, and derived 4 risk scenarios that are likely to occur in the future. The results of this study will be useful for companies that are planning to establish an effective security monitoring system.
Acknowledgments
This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2018-2014-1-00636) supervised by the IITP (Institute for Information & communications Technology Promotion).
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Kim, K., Kim, J. (2019). A Study on Analyzing Risk Scenarios About Vulnerabilities of Security Monitoring System: Focused on Information Leakage by Insider. In: Kang, B., Jang, J. (eds) Information Security Applications. WISA 2018. Lecture Notes in Computer Science, vol 11402. Springer, Cham. https://doi.org/10.1007/978-3-030-17982-3_13
DOI: https://doi.org/10.1007/978-3-030-17982-3_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-17981-6
Online ISBN: 978-3-030-17982-3
eBook Packages: Computer Science, Computer Science (R0)