2009 42nd Hawaii International Conference on System Sciences (2009)
Waikoloa, Big Island, Hawaii
Jan. 5, 2009 to Jan. 8, 2009
Much of the literature on insider threat assumes, explicitly or implicitly, a binary, perimeter-based notion of an insider. However, it is generally accepted that this notion is unrealistic. The Attribute-Based Group Access Control (ABGAC) framework is a generalization of Role-Based Access Control (RBAC) which allows us to define a non-binary notion of "insiderness". In this paper, we illustrate how to use ABGAC to perform insider threat analysis of high-risk resources with three case studies. This precise yet flexible identification of high-risk resources and associated insiders allows organizations to understand where to target efforts towards defending against the insider problem.
M. Bishop, S. Engle, S. Whalen, S. Peisert and C. Gates, "Case Studies of an Insider Framework," 2009 42nd Hawaii International Conference on System Sciences(HICSS), Waikoloa, Big Island, Hawaii, 1899, pp. 1-10.