Issue No. 03 - May/June (2012 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.17
Asaf Shabtai , Ben Gurion University of the Negev, Beer-Sheva
Lior Rokach , Ben Gurion University of the Negev, Beer-Sheva
Yuval Elovici , Ben Gurion University of the Negev, Beer-Sheva
Amir Harel , Ben Gurion University of the Negev, Beer-Sheva
Detecting and preventing data leakage and data misuse poses a serious challenge for organizations, especially when dealing with insiders with legitimate permissions to access the organization's systems and its critical data. In this paper, we present a new concept, Misuseability Weight, for estimating the risk emanating from data exposed to insiders. This concept focuses on assigning a score that represents the sensitivity level of the data exposed to the user and by that predicts the ability of the user to maliciously exploit this data. Then, we propose a new measure, the M-score, which assigns a misuseability weight to tabular data, discuss some of its properties, and demonstrate its usefulness in several leakage scenarios. One of the main challenges in applying the M-score measure is in acquiring the required knowledge from a domain expert. Therefore, we present and evaluate two approaches toward eliciting misuseability conceptions from the domain expert.
Data leakage, data misuse, security measures, misuseability weight.
Asaf Shabtai, Lior Rokach, Yuval Elovici, Amir Harel, "M-Score: A Misuseability Weight Measure", IEEE Transactions on Dependable and Secure Computing, vol. 9, no. , pp. 414-428, May/June 2012, doi:10.1109/TDSC.2012.17