The Community for Technology Leaders
Green Image
Issue No. 03 - May/June (2012 vol. 9)
ISSN: 1545-5971
pp: 414-428
Asaf Shabtai , Ben Gurion University of the Negev, Beer-Sheva
Lior Rokach , Ben Gurion University of the Negev, Beer-Sheva
Yuval Elovici , Ben Gurion University of the Negev, Beer-Sheva
Amir Harel , Ben Gurion University of the Negev, Beer-Sheva
ABSTRACT
Detecting and preventing data leakage and data misuse poses a serious challenge for organizations, especially when dealing with insiders with legitimate permissions to access the organization's systems and its critical data. In this paper, we present a new concept, Misuseability Weight, for estimating the risk emanating from data exposed to insiders. This concept focuses on assigning a score that represents the sensitivity level of the data exposed to the user and by that predicts the ability of the user to maliciously exploit this data. Then, we propose a new measure, the M-score, which assigns a misuseability weight to tabular data, discuss some of its properties, and demonstrate its usefulness in several leakage scenarios. One of the main challenges in applying the M-score measure is in acquiring the required knowledge from a domain expert. Therefore, we present and evaluate two approaches toward eliciting misuseability conceptions from the domain expert.
INDEX TERMS
Data leakage, data misuse, security measures, misuseability weight.
CITATION
Asaf Shabtai, Lior Rokach, Yuval Elovici, Amir Harel, "M-Score: A Misuseability Weight Measure", IEEE Transactions on Dependable and Secure Computing, vol. 9, no. , pp. 414-428, May/June 2012, doi:10.1109/TDSC.2012.17
176 ms
(Ver )