Modelling of enterprise insider threats

In this paper, a position has been taken to include the non-human active agents as insiders of an enterprise, as opposed to only human insiders as found in the literature. This eliminates the necessity of including the psycho-social and criminological behavioural traits to be incorporated in the management of insider threats. A framework of an Enterprise has been developed and it is shown that within the framework, both the human and non-human agents can be modelled as insider threats in a uniform manner. An example case has been analysed as supporting evidences for the point of view.

[1]  Dawn M. Cappelli,et al.  Insider Theft of Intellectual Property for Business Advantage : A Preliminary Model , 2009 .

[2]  Sadie Creese,et al.  Understanding Insider Threat: A Framework for Characterising Attacks , 2014, 2014 IEEE Security and Privacy Workshops.

[3]  Deborah A. Frincke,et al.  A Risk Management Approach to the "Insider Threat" , 2010, Insider Threats in Cyber Security.

[4]  Brajendra Panda,et al.  Performance analysis of an insider threat mitigation model , 2008, 2008 Third International Conference on Digital Information Management.

[5]  Marianthi Theoharidou,et al.  Insider Threat and Information Security Management , 2010, Insider Threats in Cyber Security.

[6]  M. Schreiner,et al.  We Have Met the Enemy and He Is Us , 2011 .

[7]  Sadie Creese,et al.  Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection , 2013, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[8]  Roland Groz,et al.  Inferring Mealy Machines , 2009, FM.

[9]  Dawn M. Cappelli,et al.  A Preliminary Model of Insider Theft of Intellectual Property , 2011, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[10]  Erik Meijer,et al.  The responsive enterprise: embracing the hacker way , 2014, CACM.

[11]  Lyndsey Franklin,et al.  Predictive Modeling for Insider Threat Mitigation , 2009 .

[12]  William Eberle,et al.  Insider Threat Detection Using Graph-Based Approaches , 2009, 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

[13]  Frank L. Greitzer,et al.  Modeling Human Behavior to Anticipate Insider Attacks , 2011 .

[14]  Frank L. Greitzer,et al.  Identifying at-risk employees: A behavioral model for predicting potential insider threats , 2010 .