This Article 
 Bibliographic References 
 Add to: 
2013 IEEE CS Security and Privacy Workshops (SPW2013)
San Francisco, CA USA
May 23-May 24
ISBN: 978-1-4799-0458-7
Frank L. Greitzer, PsyberAnalytix, Richland, WA, USA
Thomas A. Ferryman, Astute Analytics, Richland, WA, USA
The insider threat is a prime security concern for government and industry organizations. As insider threat programs come into operational practice, there is a continuing need to assess the effectiveness of tools, methods, and data sources, which enables continual process improvement. This is particularly challenging in operational environments, where the actual number of malicious insiders in a study sample is not known. The present paper addresses the design of evaluation strategies and associated measures of effectiveness; several quantitative/statistical significance test approaches are described with examples, and a new measure, the Enrichment Ratio, is proposed and described as a means of assessing the impact of proposed tools on the organization's operations.
Index Terms:
Data models,Monitoring,Testing,Predictive models,Measurement,Sociology,Statistics,assessment,insider threat,evaluation,validation,metrics
Frank L. Greitzer, Thomas A. Ferryman, "Methods and Metrics for Evaluating Analytic Insider Threat Tools," spw, pp.90-97, 2013 IEEE CS Security and Privacy Workshops (SPW2013), 2013
Usage of this product signifies your acceptance of the Terms of Use.