Abstract
Insider threat is becoming comparable to outsider threat in frequency of security events. This is a worrying situation, since insider attacks have a high probability of success because insiders have authorized access and legitimate privileges.
Despite their importance, insider threats are still not properly addressed by organizations. We contribute to reverse this situation by introducing a framework composed of a method for identification and assessment of insider threat risks and of two supporting deliverables for awareness of insider threat.
The deliverables are: (i) attack strategies structured in four decomposition trees, and (ii) a matrix which correlates defense strategies, attack strategies and control principles. The method output consists of goal-based requirements for the defense against insiders.
Original language | Undefined |
---|---|
Title of host publication | Proceedings of the 12th International Workshop on Exploring Modeling Methods in Systems Analysis and Design (EMMSAD 2007), held in conjuction with CAISE'07 |
Editors | B Pernici, J.A. Gulla |
Place of Publication | Trondheim |
Publisher | Tapir Academic Press |
Pages | 193-202 |
Number of pages | 10 |
ISBN (Print) | 978-82-519-2245-6 |
Publication status | Published - 2007 |
Event | 12th International Workshop on Exploring Modeling Methods in Systems Analysis and Design, EMMSAD 2007 - Trondheim, Norway Duration: 11 Jun 2007 → 15 Jun 2007 Conference number: 12 |
Publication series
Name | |
---|---|
Publisher | Tapir Academic Press |
Number | 2 |
Workshop
Workshop | 12th International Workshop on Exploring Modeling Methods in Systems Analysis and Design, EMMSAD 2007 |
---|---|
Abbreviated title | EMMSAD |
Country/Territory | Norway |
City | Trondheim |
Period | 11/06/07 → 15/06/07 |
Keywords
- SCS-Services
- EWI-9623
- IR-63987
- METIS-241567