During last decade the number of successful intruder attacks has increased in many times. The damage caused by these attacks is estimated in hundreds millions of dollars. Insiders have a significant advantage over others who might want to harm an organization. Insiders can bypass physical and technical security measures designed to prevent unauthorized access. Mechanisms such as firewalls, intrusion detection systems, and electronic building access systems are implemented primarily to defend against external cyber threats. In spite of the complexity the problem, insiders can be stopped by means of a layered defense strategy consisting of policies, procedures, and technical controls. The paper describes a threat model of insider attacks and modern technologies that allow to protect computer systems against insiders. The paper covers advantages and disadvantages of different approaches that are used nowadays for detection and prevention of insider attacks.
[1]
Sergey Avdoshin,et al.
Some approaches to information security of communication networks
,
2002,
Informatica.
[2]
Randall F. Trzeciak,et al.
Common Sense Guide to Prevention and Detection of Insider Threats
,
2006
.
[3]
Victor Serdiouk,et al.
Behavior-Based Model of Detection and Prevention of Intrusions in Computer Networks
,
2005,
MMM-ACNS.
[4]
Thomas Bozek,et al.
Research on Mitigating the Insider Threat to Information Systems - #2
,
2000
.
[5]
Martin P. Loeb,et al.
CSI/FBI Computer Crime and Security Survey
,
2004
.