论文信息 - Building a multidimensional pattern language for insider threats

Building a multidimensional pattern language for insider threats

As part of ongoing insider threat research at the CERT Program, we have developed 26 patterns for insider threat. This paper describes our attempts at organizing those patterns into a pattern language. After discarding several hierarchical, unidimensional models, we adopted a multidimensional organization that allows searching and browsing along five dimensions simultaneously, using faceted classification. We illustrate the resulting pattern language with a sample pattern, including a discussion of our use of Business Process Modeling Notation (BPMN) and brief descriptions of all the patterns.

Andrew P. Moore | David A. Mundie | David McIntire | David M. McIntire | A. Moore

[1] John A. Zachman,et al. A Framework for Information Systems Architecture , 1987, IBM Syst. J..

[2] Max Jacobson,et al. A Pattern Language: Towns, Buildings, Construction , 1981 .

[3] Eduardo B. Fernández,et al. A Multi-Dimensional Classification for Users of Security Patterns , 2008, J. Res. Pract. Inf. Technol..

[4] Ralph E. Johnson,et al. Growing a pattern language (for security) , 2012, Onward! 2012.

[5] G. G. Stokes. "J." , 1890, The New Yale Book of Quotations.

[6] Elisa Bertino,et al. Data Protection from Insider Threats , 2012, Data Protection from Insider Threats.

[7] Peter Sommerlad,et al. Security Patterns: Integrating Security and Systems Engineering , 2006 .

[8] K. Baker,et al. An unpublished essay of Condorcet on technical methods of classification , 1962 .

[9] Clay Shirky. Here Comes Everybody: The Power of Organizing Without Organizations , 2008 .