Issue No. 06 - November/December (2009 vol. 7)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.110
Deanna Caputo , The MITRE Corporation, McLean
Marcus Maloof , Georgetown University, Washington
Gregory Stephens , The MITRE Corporation, McLean
Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if access controls are set properly, they don't protect against rogue employees who legitimately need to access sensitive information. Since 2002, researchers at MITRE have investigated methods for detecting insiders who misuse their legitimate access to steal information. A three-year, internally funded research effort developed and evaluated a research prototype of a system called Elicit (Exploit Latent Information to Counter Insider Threats) to help analysts identify insider threats. Work on Elicit prompted a team of engineers and social scientists to experimentally explore how malicious insiders use information differently from a benign baseline group. This article presents results from the research prototype evaluation, discusses preliminary results from the double-blind study of malicious insiders, and offers some essential aspects for detecting insider threats gleaned from these efforts.
computer security, insider threats, computer misuse, Elicit, Exploit Latent Information to Counter Insider Threats, MITRE
D. Caputo, M. Maloof and G. Stephens, "Detecting Insider Theft of Trade Secrets," in IEEE Security & Privacy, vol. 7, no. , pp. 14-21, 2009.