An insider threat prediction model
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
| Hi-index | 0.00 |
Current protection strategies against insider adversaries are expensive, intrusive, not systematically implemented, and operate independently; too often, these strategies are defeated. The authors discuss the development of methods for a systems-based approach to insider security. To investigate insider evolution within an organization, they use system dynamics to develop a preliminary model of the employee life cycle that defines and analyzes the employee population's interactions with insider security protection strategies. The authors exercised the model for an example scenario that focused on human resources and personnel security activities—specifically, prehiring screening and security clearance processes. The model provides a framework for understanding important interactions, interdependencies, and gaps in insider protection strategies. This work provides the basis for developing an integrated systems-based process for building—that is, designing, evaluating, and operating—a system for effective insider security.