4 Summary of Model Attributes and Future Work
The fundamental concept underlying this model is expressing the malicious
insider through distinct actions that are capable of being decomposed and
analyzed. It presents a complete and well-defined taxonomy of the insider because
the interest is in definable actions and not attempted categorization of
individual attributes. Organizations can use this methodology to perform a cost/threat
analysis to determine what acceptable risks exist and implement or develop
countermeasures as appropriate. The model is scalable and has built-in
flexibility for adapting to different organizations and information systems. These
concepts present a process for effectively defining the malicious insider and
providing the security community an effective tool for addressing the insider threat
in a coordinated effort.

Further research for this methodology involves developing a fully decomposed
baseline tree that addresses the majority of possible insider actions. This process
should then lead to the automation of model development for the security
professional and allow organizations to tailor the baseline tree for their specific system
structure and policies.