A Detection-Oriented Classification of Insider IT Misuse

Although the problem of insider misuse of IT systems is frequently recognised in the results of computer security surveys, it is less widely accounted for in organisational security practices and available countermeasures. Indeed, the opportunities for insider misuse, by perpetrators with legitimately assigned privileges, are often overlooked until an incident occurs. A possible reason for this is that the problem receives relatively little attention in the commonly recognised classifications of IT-related attackers and intrusions, with most focusing upon attacks and methods involving some form of system penetration and/or unauthorised access. This paper examines the potential forms of insider misuse in more detail, classifying them according to the level within a target system at which the incidents could be detected. It is considered that such an approach could provide a relevant foundation for subsequent approaches to automating insider misuse detection.
