Towards an insider threat prediction specification language
Abstract
Purpose
This paper presents the process of constructing a language tailored to describing insider threat incidents, for the purposes of mitigating threats originating from legitimate users in an IT infrastructure.
Design/methodology/approach
Various information security surveys indicate that misuse by legitimate (insider) users has serious implications for the health of IT environments. A brief discussion of survey data and insider threat concepts is followed by an overview of existing research efforts to mitigate this particular problem. None of the existing insider threat mitigation frameworks provide facilities for systematically describing the elements of misuse incidents, and thus all threat mitigation frameworks could benefit from the existence of a domain specific language for describing legitimate user actions.
Findings
The paper presents a language development methodology which centres upon ways to abstract the insider threat domain and approaches to encode the abstracted information into language semantics. The language construction methodology is based upon observed information security survey trends and the study of existing insider threat and intrusion specification frameworks.
Originality/value
This paper summarizes the picture of the insider threat in IT infrastructures and provides a useful reference for insider threat modeling researchers by indicating ways to abstract insider threats.
Keywords
Citation
Magklaras, G.B., Furnell, S.M. and Brooke, P.J. (2006), "Towards an insider threat prediction specification language", Information Management & Computer Security, Vol. 14 No. 4, pp. 361-381. https://doi.org/10.1108/09685220610690826
Publisher
:Emerald Group Publishing Limited
Copyright © 2006, Emerald Group Publishing Limited