Advanced Search
Journal search
Journal cover: Information Management & Computer Security

Information Management & Computer Security

ISSN: 0968-5227

Online from: 1993

Subject Area: Information and Knowledge Management

Content: Latest Issue | icon: RSS Latest Issue RSS | Previous Issues


Previous article.Icon: Print.Table of Contents.Next article.Icon: .

Towards an insider threat prediction specification language

Document Information:
Title:Towards an insider threat prediction specification language
Author(s):G.B. Magklaras, (Network Research Group, School of Computing, Communications and Electronics, University of Plymouth, Plymouth, UK), S.M. Furnell, (Network Research Group, School of Computing, Communications and Electronics, University of Plymouth, Plymouth, UK), P.J. Brooke, (School of Computing, University of Teesside, Middlesbrough, UK)
Citation:G.B. Magklaras, S.M. Furnell, P.J. Brooke, (2006) "Towards an insider threat prediction specification language", Information Management & Computer Security, Vol. 14 Iss: 4, pp.361 - 381
Keywords:Data security, Information systems
Article type:Conceptual paper
DOI:10.1108/09685220610690826 (Permanent URL)
Publisher:Emerald Group Publishing Limited

Purpose – This paper presents the process of constructing a language tailored to describing insider threat incidents, for the purposes of mitigating threats originating from legitimate users in an IT infrastructure.

Design/methodology/approach – Various information security surveys indicate that misuse by legitimate (insider) users has serious implications for the health of IT environments. A brief discussion of survey data and insider threat concepts is followed by an overview of existing research efforts to mitigate this particular problem. None of the existing insider threat mitigation frameworks provide facilities for systematically describing the elements of misuse incidents, and thus all threat mitigation frameworks could benefit from the existence of a domain specific language for describing legitimate user actions.

Findings – The paper presents a language development methodology which centres upon ways to abstract the insider threat domain and approaches to encode the abstracted information into language semantics. The language construction methodology is based upon observed information security survey trends and the study of existing insider threat and intrusion specification frameworks.

Originality/value – This paper summarizes the picture of the insider threat in IT infrastructures and provides a useful reference for insider threat modeling researchers by indicating ways to abstract insider threats.

Fulltext Options:



Existing customers: login
to access this document


- Forgot password?
- Athens/Institutional login



Downloadable; Printable; Owned
HTML, PDF (327kb)

Due to our platform migration, pay-per-view is temporarily unavailable.

To purchase this item please login or register.


- Forgot password?

Recommend to your librarian

Complete and print this form to request this document from your librarian

Marked list

Bookmark & share

Reprints & permissions