The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - November/December (2009 vol.7)
pp: 10-13
Shari Lawrence Pfleeger , RAND Corporation
Salvatore J. Stolfo , Columbia University
ABSTRACT
In their guest editors' introduction to the special issue on Insider Threat, Shari Lawrence Pfleeger and Salvatore Stolfo describe a taxonomy of insiders and their unwelcome actions, as well as the need for credible data to document the size and nature of the insider threat. They suggest that the three articles in the special issue shed light not only on how to generate data for further study but also on how to use the data in models that can help evaluate the likely effects of various responses. The introduction ends with a matrix showing the variety of sensible and effective responses that must be sensitive to the organizations, systems, environments, and individuals involved with inappropriate insider behavior.
INDEX TERMS
insider threat, modeling, behavior, human factors
CITATION
Shari Lawrence Pfleeger, Salvatore J. Stolfo, "Addressing the Insider Threat", IEEE Security & Privacy, vol.7, no. 6, pp. 10-13, November/December 2009, doi:10.1109/MSP.2009.146
REFERENCES
1. R.H. Anderson, Research and Development Initiatives Focused on Preventing, Detecting, and Responding to Insider Misuse of Critical Defense Information Systems: Results of a Three-Day Workshop, research report RAND CF-151-OSD, RAND Corp., 1999.
2. R.H. Anderson et al., Research on Mitigating the Insider Threat to Information Systems #2, Proc. Workshop Held August 2000, research report RAND CF-163-DARPA, RAND Corp., 2000.
3. R.C Brackney and R.H. Anderson, Understanding the Insider Threat: Proceedings of a March 2004 Workshop, research report RAND CF-196-ARDA, RAND Corp., 2004.
4. Final Report of the Insider Threat Integrated Process Team, Office of the Assistant Secretary of Defense (Command, Control, Communications, and Intelligence), US Dept. Defense, 24 Apr. 2000.
5. M. Keeney et al., "Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors," US Secret Service and CERT Coordination Center/SEI, May 2005.
6. R. Richardson, "2007 Computer Crime and Security Survey," Computer Security Inst., 2007, pp. 12–13, 15; http://i.cmpnet.com/v2.gocsi.com/pdfCSISurvey2007.pdf .
7. R. Richardson, "2008 CSI Computer Crime and Security Survey," Computer Security Inst., 2008; www.gocsi.com/formscsi_survey.jhtml.
8. R. Rantala, Cybercrime against Businesses, 2005, special report NCJ221943, US Bureau of Justice Statistics, Sept. 2008; www.ojp.usdoj.gov/bjs/pub/pdfcb05.pdf.
9. J. Predd et al., "Insiders Behaving Badly," IEEE Security and Privacy, vol. 6, no. 4, 2008, pp. 66–70.
10. S.L. Robinson and J. Greenberg, "Employees Behaving Badly: Dimensions, Determinants, and Dilemmas in the Study of Workplace Deviance," Trends in Organizational Behavior, C.L. Cooper, and D.M. Rousseau eds., vol. 5, Wiley, 1998, pp. 1–30.
31 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool