E-book, English, 244 pages
Hunker / Gollmann / Bishop: Insider Threats in Cyber Security
1st edition, 2010
Series: Advances in Information Security
ISBN: 978-1-4419-7133-3
Publisher: Springer-Verlag
Format: PDF
Copy protection: Adobe DRM (see system requirements)
Insider Threats in Cyber Security is a cutting-edge text presenting IT and non-IT facets of insider threats together. This volume brings together a critical mass of well-established worldwide researchers and provides a unique multidisciplinary overview. Monica van Huystee, Senior Policy Advisor at MCI, Ontario, Canada, comments: 'The book will be a must read, so of course I'll need a copy.' Insider Threats in Cyber Security covers all aspects of insider threats, from motivation to mitigation. It includes how to monitor insider threats (and what to monitor for), how to mitigate insider threats, and related topics and case studies. Insider Threats in Cyber Security is intended for a professional audience composed of the military, government policy makers, and banking and financing companies focusing on the Secure Cyberspace industry. This book is also suitable for advanced-level students and researchers in computer science as a secondary text or reference book.
Further information & material (table of contents)
Preface (p. 6)
Contents (p. 7)
Aspects of Insider Threats (p. 12)
  1 Introduction (p. 12)
  2 Insiders and Insider Threats (p. 13)
    2.1 Insider Threats (p. 16)
    2.2 Taxonomies (p. 17)
  3 Detection and Mitigation (p. 18)
  4 Policies (p. 20)
  5 Human Factors and Compliance (p. 22)
  6 Conclusion (p. 24)
  References (p. 26)
Combatting Insider Threats (p. 27)
  1 A Contextual View of Insiders and Insider Threats (p. 27)
  2 Risks of Insider Misuse (p. 30)
    2.1 Types of Insiders (p. 30)
    2.2 Types of Insider Misuse (p. 31)
  3 Threats, Vulnerabilities, and Risks (p. 32)
    3.1 Relevant Knowledge and Experience (p. 33)
    3.2 Exploitations of Vulnerabilities (p. 34)
    3.3 Potential Risks Resulting from Exploitations (p. 35)
  4 Countermeasures (p. 35)
    4.1 Specification of Sound Policies for Data Gathering and Monitoring (p. 37)
    4.2 Detection, Analysis, and Identification of Misuse (p. 38)
    4.3 Desired Responses to Detected Anomalies and Misuses (p. 39)
  5 Decomposition of Insider Misuse Problems (p. 39)
    5.1 Stages of Development and Use (p. 40)
    5.2 Extended Profiling Including Psychological and Other Factors (p. 41)
  6 Requirements for Insider-Threat-Resistant High-Integrity Elections (p. 43)
  7 Relevance of the Countermeasures to Elections (p. 46)
  8 Research and Development Needs (p. 49)
  9 Conclusions (p. 50)
  References (p. 51)
Insider Threat and Information Security Management (p. 55)
  1 Introduction (p. 55)
  2 Definitions of Insider and the Relevance to Information Security Management (p. 56)
  3 Risk and Insiderness (p. 59)
    3.1 The Importance of Organisational Culture and the Significance of Cultural Risks (p. 61)
    3.2 Fieldwork on Culture and the Insider Threat (p. 61)
  4 The Structure of the ISMS and Traditional Information Security Management Responses to Insiderness (p. 63)
    4.1 Analysis Turning an ISMS Inwards (p. 64)
    4.2 The Role of Operationalisation (p. 65)
  5 Information Security Management Standards, Best Practice and the Insider Threat (p. 66)
    5.1 General Security Management Standards (p. 66)
    5.2 Guidelines Focused on the Management of the Insider Threat (p. 67)
    5.3 Analysis of the Contribution of Best Practice and Guidelines (p. 70)
  6 Crime Theories and Insider Threat (p. 71)
    6.1 Existing Connections between Crime Theories and Information Security Management (p. 72)
  7 Implications of Crime Theories for ISMS Design (p. 73)
    7.1 Application of SCP to the ISO Control Domains (p. 74)
    7.2 Implications for ISMS Process Design (p. 76)
    7.3 Summary of Crime Theory Contribution (p. 78)
  8 Conclusions (p. 79)
  References (p. 80)
A State of the Art Survey of Fraud Detection Technology (p. 82)
  1 Introduction (p. 82)
    1.1 Data Analysis Methodology (p. 83)
      1.1.1 General (p. 83)
      1.1.2 Procedure (p. 84)
  2 Survey of Technology for Fraud Detection in Practice (p. 85)
    2.1 General Approaches for Intrusion and Fraud Detection (p. 85)
    2.2 State of the Art of Fraud Detection Tools and Techniques (p. 87)
  3 Why Fraud Detection is not the Same as Intrusion Detection (p. 89)
  4 Challenges for Fraud Detection in Information Systems (p. 91)
  5 Summary (p. 91)
  Acknowledgements (p. 92)
  References (p. 93)
Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation (p. 94)
  1 Introduction (p. 94)
  2 Background (p. 97)
  3 Issues of Security and Privacy (p. 100)
  4 Predictive Modeling Approach (p. 103)
  5 Training Needs (p. 115)
  6 Conclusions and Research Challenges (p. 118)
  7 Acknowledgments (p. 120)
  References (p. 120)
A Risk Management Approach to the “Insider Threat” (p. 123)
  1 Introduction (p. 124)
  2 Insider Threat Assessment (p. 125)
    2.1 Example (p. 128)
    2.2 Summary (p. 130)
  3 Access-Based Assessment (p. 130)
  4 Psychological Indicator-Based Assessment (p. 134)
  5 Application of Risk to System Countermeasures (p. 138)
    5.1 Example (p. 141)
    5.2 Summary (p. 143)
  6 Conclusion (p. 143)
  References (p. 143)
Legally Sustainable Solutions for Privacy Issues in Collaborative Fraud Detection (p. 146)
  1 Introduction (p. 146)
  2 Monitoring Modern Distributed Systems (p. 147)
    2.1 Evidence Model (p. 149)
  3 Observing Fraudulent Service Behaviours (p. 152)
    3.1 Architectural Support (p. 155)
  4 Introduction to the Legal Perspective (p. 156)
  5 Basic Principles of Data Privacy Law (p. 157)
    5.1 A Set of Six Basic Rules (p. 158)
      5.1.1 Data Avoidance (p. 158)
      5.1.2 Transparency (p. 159)
      5.1.3 Purpose Specification and Binding (p. 159)
      5.1.4 Prohibition Without Explicit Permission (p. 159)
      5.1.5 Data Quality (p. 160)
      5.1.6 Data Security (p. 160)
  6 General Legal Requirements of Fraud Detection Systems (p. 160)
    6.1 Privacy Relevance of Fraud Detection Systems (p. 161)
    6.2 Necessary Data for Fraud Detection (p. 161)
    6.3 Transparency in the Fraud Detection Context (p. 162)
    6.4 Purpose Specification and Binding in Fraud Detection (p. 162)
    6.5 Permissibility of Fraud Detection (p. 162)
    6.6 Quality of Event Data (p. 163)
    6.7 Security of Event Data (p. 163)
  7 Technical Solutions for Privacy-respecting Fraud Detection (p. 163)
    7.1 Technical Requirements (p. 164)
      7.1.1 Requirements for Open Data (p. 166)
      7.1.2 Specific Requirements for Pseudonyms in Open Data (p. 166)
      7.1.3 Specific Requirements for Covered Data (p. 167)
    7.2 Lossless Information Reduction with Covered Data (p. 168)
    7.3 Lossy Information Reductions for Timestamps (p. 168)
      7.3.1 Architecture and Algorithm (p. 169)
      7.3.2 Limitations (p. 170)
      7.3.3 Evaluation (p. 171)
  8 Legal Improvements by Pseudonymizing Event Data (p. 172)
    8.1 Technical Description (p. 172)
    8.2 Privacy Relevance of Pseudonymized Event Data (p. 173)
    8.3 Strengthening the Data Privacy Official (p. 174)
    8.4 Disclosure With Legal Permission (p. 174)
    8.5 Data and System Security (p. 175)
  9 Conclusion (p. 175)
  Acknowledgements (p. 176)
  References (p. 176)
Towards an Access-Control Framework for Countering Insider Threats (p. 179)
  1 Introduction (p. 179)
  2 Motivation and related work (p. 183)
    2.1 Illustrative scenarios (p. 183)
    2.2 Definitions of insiders (p. 185)
    2.3 Access control (p. 186)
    2.4 The insider problem and access control (p. 187)
  3 Trust, trustworthiness, and the insider problem (p. 188)
    3.1 Insiderness (p. 189)
    3.2 Trust management and risk assessment (p. 189)
    3.3 Pragmatics of identifying suspicious events (p. 190)
  4 Toward a context- and insider-aware policy language (p. 191)
    4.1 Context and request predicates (p. 192)
    4.2 Requirements (p. 192)
    4.3 Policy transformations via declarative programming (p. 193)
    4.4 Discussion of requirements (p. 194)
    4.5 Policy transformations (p. 195)
    4.6 Risk- and trustworthiness-aware policy composition (p. 196)
  5 Access-control architectures and the insider problem (p. 197)
  6 Concluding remarks (p. 198)
  References (p. 200)
Monitoring Technologies for Mitigating Insider Threats (p. 202)
  1 Introduction (p. 202)
  2 Related Research (p. 205)
  3 Threat Model Level of Sophistication of the Attacker (p. 206)
  4 Decoy Properties (p. 207)
  5 Architecture (p. 212)
    5.1 Decoy Document Distributor (p. 212)
    5.2 SONAR (p. 213)
    5.3 Decoys and Network Monitoring (p. 213)
    5.4 Host-based Sensors (p. 216)
  6 Concluding Remarks and Future Work (p. 220)
  Acknowledgments (p. 221)
  References (p. 222)
Insider Threat Specification as a Threat Mitigation Technique (p. 223)
  1 Introduction (p. 223)
    1.1 The Insider Threat Problem (p. 224)
  2 Background (p. 225)
    2.1 The Common Intrusion Specification Language (p. 225)
    2.2 Panoptis (p. 229)
  3 Insider Misuse Taxonomies and Threat Models (p. 230)
  4 The Scope of the Insider Threat Prediction Specification Language (p. 241)
    4.1 The Domain Specific Language Programming Paradigm (p. 244)
  5 Conclusion (p. 246)
  References (p. 246)