Aspects of Insider Threats | 1 | (16)
| 1 | (1)
2 Insiders and Insider Threats | 2 | (5)
| 5 | (1)
| 6 | (1)
3 Detection and Mitigation | 7 | (2)
| 9 | (2)
5 Human Factors and Compliance | 11 | (2)
| 13 | (2)
| 15 | (2)

Combatting Insider Threats | 17 | (28)
1 A Contextual View of Insiders and Insider Threats | 17 | (3)
2 Risks of Insider Misuse | 20 | (2)
| 20 | (1)
2.2 Types of Insider Misuse | 21 | (1)
3 Threats, Vulnerabilities, and Risks | 22 | (3)
3.1 Relevant Knowledge and Experience | 23 | (1)
3.2 Exploitations of Vulnerabilities | 24 | (1)
3.3 Potential Risks Resulting from Exploitations | 25 | (1)
| 25 | (4)
4.1 Specification of Sound Policies for Data Gathering and Monitoring | 27 | (1)
4.2 Detection, Analysis, and Identification of Misuse | 28 | (1)
4.3 Desired Responses to Detected Anomalies and Misuses | 29 | (1)
5 Decomposition of Insider Misuse Problems | 29 | (4)
5.1 Stages of Development and Use | 30 | (1)
5.2 Extended Profiling Including Psychological and Other Factors | 31 | (2)
6 Requirements for Insider-Threat-Resistant High-Integrity Elections | 33 | (3)
7 Relevance of the Countermeasures to Elections | 36 | (3)
8 Research and Development Needs | 39 | (1)
| 40 | (1)
| 41 | (4)

Insider Threat and Information Security Management | 45 | (28)
| 45 | (1)
2 Definitions of Insider and the Relevance to Information Security Management | 46 | (3)
| 49 | (4)
3.1 The Importance of Organisational Culture and the Significance of Cultural Risks | 51 | (1)
3.2 Fieldwork on Culture and the Insider Threat | 51 | (2)
4 The Structure of the ISMS and Traditional Information Security Management Responses to Insiderness | 53 | (3)
4.1 Analysis - Turning an ISMS Inwards | 54 | (1)
4.2 The Role of Operationalisation | 55 | (1)
5 Information Security Management Standards, Best Practice and the Insider Threat | 56 | (5)
5.1 General Security Management Standards | 56 | (1)
5.2 Guidelines Focused on the Management of the Insider Threat | 57 | (3)
5.3 Analysis of the Contribution of Best Practice and Guidelines | 60 | (1)
6 Crime theories and insider threat | 61 | (2)
6.1 Existing Connections between Crime Theories and Information Security Management | 62 | (1)
7 Implications of Crime Theories for ISMS Design | 63 | (6)
7.1 Application of SCP to the ISO Control Domains | 64 | (2)
7.2 Implications for ISMS Process Design | 66 | (2)
7.3 Summary of Crime Theory Contribution | 68 | (1)
| 69 | (1)
| 70 | (3)

A State of the Art Survey of Fraud Detection Technology | 73 | (12)
| 73 | (3)
1.1 Data Analysis Methodology | 74 | (2)
2 Survey of Technology for Fraud Detection in Practice | 76 | (4)
2.1 General Approaches for Intrusion and Fraud Detection | 76 | (2)
2.2 State of the Art of Fraud Detection Tools and Techniques | 78 | (2)
3 Why Fraud Detection is not the Same as Intrusion Detection | 80 | (2)
4 Challenges for Fraud Detection in Information Systems | 82 | (1)
| 82 | (2)
| 84 | (1)

Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation | 85 | (30)
| 85 | (3)
| 88 | (3)
3 Issues of Security and Privacy | 91 | (3)
4 Predictive Modeling Approach | 94 | (12)
| 106 | (3)
6 Conclusions and Research Challenges | 109 | (2)
| 111 | (1)
| 111 | (4)

A Risk Management Approach to the "Insider Threat" | 115 | (24)
| 116 | (1)
2 Insider Threat Assessment | 117 | (5)
| 120 | (2)
| 122 | (1)
3 Access-Based Assessment | 122 | (4)
4 Psychological Indicator-Based Assessment | 126 | (4)
5 Application of Risk to System Countermeasures | 130 | (5)
| 133 | (2)
| 135 | (1)
| 135 | (1)
| 135 | (4)

Legally Sustainable Solutions for Privacy Issues in Collaborative Fraud Detection | 139 | (34)
| 139 | (1)
2 Monitoring Modern Distributed Systems | 140 | (5)
| 142 | (3)
3 Observing Fraudulent Service Behaviours | 145 | (4)
3.1 Architectural Support | 148 | (1)
4 Introduction to the Legal Perspective | 149 | (1)
5 Basic Principles of Data Privacy Law | 150 | (3)
5.1 A Set of Six Basic Rules | 151 | (2)
6 General Legal Requirements of Fraud Detection Systems | 153 | (3)
6.1 Privacy Relevance of Fraud Detection Systems | 154 | (1)
6.2 Necessary Data for Fraud Detection | 154 | (1)
6.3 Transparency in the Fraud Detection Context | 155 | (1)
6.4 Purpose Specification and Binding in Fraud Detection | 155 | (1)
6.5 Permissibility of Fraud Detection | 155 | (1)
6.6 Quality of Event Data | 156 | (1)
6.7 Security of Event Data | 156 | (1)
7 Technical Solutions for Privacy-respecting Fraud Detection | 156 | (9)
7.1 Technical Requirements | 157 | (4)
7.2 Lossless Information Reduction with Covered Data | 161 | (1)
7.3 Lossy Information Reductions for Timestamps | 161 | (4)
8 Legal Improvements by Pseudonymizing Event Data | 165 | (3)
8.1 Technical Description | 165 | (1)
8.2 Privacy Relevance of Pseudonymized Event Data | 166 | (1)
8.3 Strengthening the Data Privacy Official | 167 | (1)
8.4 Disclosure With Legal Permission | 167 | (1)
8.5 Data and System Security | 168 | (1)
| 168 | (1)
| 169 | (4)

Towards an Access-Control Framework for Countering Insider Threats | 173 | (24)
| 173 | (4)
2 Motivation and related work | 177 | (5)
2.1 Illustrative scenarios | 177 | (2)
2.2 Definitions of insiders | 179 | (1)
| 180 | (1)
2.4 The insider problem and access control | 181 | (1)
3 Trust, trustworthiness, and the insider problem | 182 | (3)
| 183 | (1)
3.2 Trust management and risk assessment | 183 | (1)
3.3 Pragmatics of identifying suspicious events | 184 | (1)
4 Toward a context- and insider-aware policy language | 185 | (6)
4.1 Context and request predicates | 186 | (1)
| 186 | (1)
4.3 Policy transformations via declarative programming | 187 | (1)
4.4 Discussion of requirements | 188 | (1)
4.5 Policy transformations | 189 | (1)
4.6 Risk- and trustworthiness-aware policy composition | 190 | (1)
5 Access-control architectures and the insider problem | 191 | (1)
| 192 | (2)
| 194 | (3)

Monitoring Technologies for Mitigating Insider Threats | 197 | (22)
| 197 | (3)
| 200 | (1)
3 Threat Model - Level of Sophistication of the Attacker | 201 | (1)
| 202 | (5)
| 207 | (8)
5.1 Decoy Document Distributor | 207 | (1)
| 208 | (1)
5.3 Decoys and Network Monitoring | 208 | (3)
| 211 | (4)
6 Concluding Remarks and Future Work | 215 | (2)
| 217 | (2)

Insider Threat Specification as a Threat Mitigation Technique | 219 |
| 219 | (2)
1.1 The Insider Threat Problem | 220 | (1)
| 221 | (5)
2.1 The Common Intrusion Specification Language | 221 | (4)
| 225 | (1)
3 Insider Misuse Taxonomies and Threat Models | 226 | (11)
4 The Scope of the Insider Threat Prediction Specification Language | 237 | (5)
4.1 The Domain Specific Language Programming Paradigm | 240 | (2)
| 242 | (1)
| 242 |