Insiders behaving badly: addressing bad actors and their actions

Authors:
Shari Lawrence Pfleeger;Joel B. Predd;Jeffrey Hunker;Carla Bulford
Affiliations:
RAND Corporation, Arlington, VA;RAND Corporation, Arlington, VA;Jeffrey Hunker Associates, Pittsburgh, PA;Jeffrey Hunker Associates, Pittsburgh, PA
Venue:
IEEE Transactions on Information Forensics and Security
Year:
2010

Citing 11
Cited 1

An Investigation of the Therac-25 Accidents

Computer
Understanding Terror Networks

Understanding Terror Networks
Security Policies to Mitigate Insider Threat in the Document Control Domain

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Towards a Theory of Insider Threat Assessment

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
A Framework of Privacy Shield in Organizational Information Systems

ICMB '05 Proceedings of the International Conference on Mobile Business
Toward a threat model for storage systems

Proceedings of the 2005 ACM workshop on Storage security and survivability
The insider problem revisited

NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Position: "insider" is relative

NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Applying role based access control and genetic algorithms to insider threat detection

Proceedings of the 44th annual Southeast regional conference
Incident response: a strategic guide to handling system and network security breaches

Incident response: a strategic guide to handling system and network security breaches
Developing an insider threat model using functional decomposition

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security

Towards a game theoretic authorisation model

GameSec'10 Proceedings of the First international conference on Decision and game theory for security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a framework for describing insiders and their actions based on the organization, the environment, the system, and the individual. Using several real examples of unwelcome insider action (hard drive removal, stolen intellectual property, tax fraud, and proliferation of e-mail responses), we show how the taxonomy helps in understanding how each situation arose and could have been addressed. The differentiation among types of threats suggests how effective responses to insider threats might be shaped, what choices exist for each type of threat, and the implications of each. Future work will consider appropriate strategies to address each type of insider threat in terms of detection, prevention, mitigation, remediation, and punishment.