Towards a Social Network Approach for Monitoring Insider Threats to Information Security

Monitoring threats to information security is becoming increasingly important to protecting secured organizational documents. An increasing number of threats to information security originate from the internal users of the system. An insider is defined as a trusted person who has access to classified documents. Our focus here is on understanding mechanisms for monitoring insiders working with the intelligence community. An analyst working with the intelligence community usually works on a TOI (Topic of Interest) and an AOI (Area of Interest) in order to develop a report about a very specific question. How do we ensure that these analysts do not perform malicious acts during the course of collection, analysis and report generation for a given task? We suggest the need for social network monitoring of these analysts, which would help decrease the threat of malicious intent on the part of the insider. In this paper, we first provide a logical representation of the analyst workflow model. Secondly, we describe the use of the social network approach in general and suggest its application to monitoring insider threats. Thirdly, we provide an analysis of the properties and characteristics of social network analysis as they relate to monitoring insider threats for the intelligence community.