A Conceptual Model for Holistic Classification of Insider

The process through which an insider to an organization can be described or classified is lined within the orthodox paradigm of classification in which an organization considers only subject with requisite employee criterion as an insider to that organization. This is further clouded with the relative rigidity in operational security policies being implemented in organizations. Establishing investigation process in instances of misuse occurrence and or ascertaining the efficiency of staff member using such archaic paradigm is maligned with endless possibilities of uncertainties. This study, therefore, proposes a holistic model for which insider classification can be crystallized using the combination of qualitative research process and analysis of moment structure evaluation process. A full comprehension of this proposition could serve as a hinge through which insider misuse investigation can be thoroughly carried out. In addition, integrating this paradigm into existing operational security policies could serve as a metric upon which an organization can understand insider dynamics, in order to prevent misuses, and enhance staff management.

[1]  John Rushby,et al.  The Bell and La Padula Security Model , 1986 .

[2]  Shukor Abd Razak,et al.  A Digital Forensic Investigation Model for Insider Misuse , 2013, CSE 2013.

[3]  Maria Papadaki,et al.  LUARM: An Audit Engine for Insider Misuse Detection , 2011, Int. J. Digit. Crime Forensics.

[4]  Christian W. Probst,et al.  Insiders and Insider Threats - An Overview of Definitions and Mitigation Techniques , 2011, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[5]  Steven Furnell,et al.  Insider Threat Prediction Tool: Evaluating the probability of IT misuse , 2002, Comput. Secur..

[6]  D W Morgan,et al.  DETERMINING SAMPLE SIZE FOR ACTIVITIES , 1970 .

[7]  J. Morse Determining Sample Size , 2000 .

[8]  G. B. Magklaras The Insider Misuse Threat Survey : Investigating IT misuse from legitimate users , 2008 .

[9]  James E. Bartlett,et al.  Organizational research: Determining appropriate sample size in survey research , 2001 .

[10]  William D. Schafer,et al.  Practical Assessment, Research & Evaluation, 2000-2001. , 2001 .

[11]  Malek Ben Salem,et al.  A Survey of Insider Attack Detection Research , 2008, Insider Attack and Cyber Security.

[12]  Peter G. Neumann,et al.  Risks of insiders , 1999 .

[13]  Dieter Gollmann,et al.  Insider Threats in Cyber Security , 2010, Insider Threats in Cyber Security.

[14]  Kuheli Roy Sarkar Assessing insider threats to information security using technical, behavioural and organisational measures , 2010, Inf. Secur. Tech. Rep..

[15]  Abdulrazaq Abdulaziz Al-Morjan An investigation into a digital forensic model to distinguish between “insider” and “outsider” , 2010 .