Online from: 1993
Subject Area: Information and Knowledge Management
|Title:||Towards an insider threat prediction specification language|
|Author(s):||G.B. Magklaras, (Network Research Group, School of Computing, Communications and Electronics, University of Plymouth, Plymouth, UK), S.M. Furnell, (Network Research Group, School of Computing, Communications and Electronics, University of Plymouth, Plymouth, UK), P.J. Brooke, (School of Computing, University of Teesside, Middlesbrough, UK)|
|Citation:||G.B. Magklaras, S.M. Furnell, P.J. Brooke, (2006) "Towards an insider threat prediction specification language", Information Management & Computer Security, Vol. 14 Iss: 4, pp.361 - 381|
|Keywords:||Data security, Information systems|
|Article type:||Conceptual paper|
|DOI:||10.1108/09685220610690826 (Permanent URL)|
|Publisher:||Emerald Group Publishing Limited|
Purpose – This paper presents the process of constructing a language tailored to describing insider threat incidents, for the purposes of mitigating threats originating from legitimate users in an IT infrastructure.
Design/methodology/approach – Various information security surveys indicate that misuse by legitimate (insider) users has serious implications for the health of IT environments. A brief discussion of survey data and insider threat concepts is followed by an overview of existing research efforts to mitigate this particular problem. None of the existing insider threat mitigation frameworks provide facilities for systematically describing the elements of misuse incidents, and thus all threat mitigation frameworks could benefit from the existence of a domain specific language for describing legitimate user actions.
Findings – The paper presents a language development methodology which centres upon ways to abstract the insider threat domain and approaches to encode the abstracted information into language semantics. The language construction methodology is based upon observed information security survey trends and the study of existing insider threat and intrusion specification frameworks.
Originality/value – This paper summarizes the picture of the insider threat in IT infrastructures and provides a useful reference for insider threat modeling researchers by indicating ways to abstract insider threats.
Existing customers: login
to access this document
Downloadable; Printable; Owned
HTML, PDF (327kb)
Due to our platform migration, pay-per-view is temporarily unavailable.
To purchase this item please login or register.
Complete and print this form to request this document from your librarian