Issue No. 06 - November/December (2009 vol. 7)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.111
David P. Duggan , SANDIA NATIONAL LABORATORIES, ALBUQUERQUE
Edward Bruce Held , SANDIA NATIONAL LABORATORIES, ALBUQUERQUE
Stephen H. Conrad , SANDIA NATIONAL LABORATORIES, ALBUQUERQUE
Gregory N. Conrad , SANDIA NATIONAL LABORATORIES, ALBUQUERQUE
Felicia Duran , SANDIA NATIONAL LABORATORIES, ALBUQUERQUE
Current protection strategies against insider adversaries are expensive, intrusive, not systematically implemented, and operate independently; too often, these strategies are defeated. The authors discuss the development of methods for a systems-based approach to insider security. To investigate insider evolution within an organization, they use system dynamics to develop a preliminary model of the employee life cycle that defines and analyzes the employee population's interactions with insider security protection strategies. The authors exercised the model for an example scenario that focused on human resources and personnel security activities—specifically, prehiring screening and security clearance processes. The model provides a framework for understanding important interactions, interdependencies, and gaps in insider protection strategies. This work provides the basis for developing an integrated systems-based process for building—that is, designing, evaluating, and operating—a system for effective insider security.
insider threat; insider security; insider security systems; system dynamics modeling; modeling methodologies; model development; simulation, modeling, and visualization, applications; computing methodologies.
David P. Duggan, Edward Bruce Held, Stephen H. Conrad, Gregory N. Conrad, Felicia Duran, "Building A System For Insider Security", IEEE Security & Privacy, vol. 7, no. , pp. 30-38, November/December 2009, doi:10.1109/MSP.2009.111