Detecting Unknown Insider Threat Scenarios

Defending Insider Threat

Network threat confronting organizations comes from not only outsider threat, but also insider threat. Nowadays, insider threat is widely recognized as an important issue of security management. However, tools and controls on how to fight against it are still in the research phase. Security architecture for defending insider threat is presented, which is composed of four parts: monitoring platf...

Systematizing Insider Threat mitigation

Context-Aware Insider Threat Detection

We are researching ways to detect insider threats in computer usage data crossing multiple modalities – e.g., resources and devices used, network and communication patterns – and where signals of possible threat are highly contextual – e.g., detectable only after inferring user roles, peer groups, collaborators and personal history. The contexts are also dynamic – reflecting a user’s rapid shif...

Mitigating malicious insider cyber threat

This paper examines malicious insider threat and explains the key differences from other types of insider threat and from external threat actors. A phase based “kill-chain” malicious insider threat model is developed and proposed to help inform selection of mitigation countermeasures which are complementary or incremental to a typically implemented traditional ISO 17799/27002 information securi...

Reflections on the Insider Threat

This paper reports on a workshop in June 2007 on the topic of the insider threat. Attendees represented academia and research institutions, consulting firms, industry—especially the financial services sector, and government. Most participants were from the United States. Conventional wisdom asserts that insiders account for roughly a third of the computer security loss. Unfortunately, there is ...