Reachability-based impact as a measure for insiderness

Christian W. Probst; René Rydhof Hansen

Reachability-based impact as a measure for insiderness

Christian W. Probst, René Rydhof Hansen

Research output: Contribution to journal › Article › Academic › peer-review

3 Citations (Scopus)

57 Downloads (Pure)

Abstract

Insider threats pose a difficult problem for many organisations. While organisations in principle would like to judge the risk posed by a specific insider threat, this is in general not possible. This limitation is caused partly by the lack of models for human behaviour, partly by restrictions on how much and what may be monitored, and by our inability to identify relevant features in large amounts of logged data. To overcome this, the notion of insiderness has been proposed, which measures the degree of access an actor has to a certain resource. We extend this notion with the concept of impact of an insider, and present different realisations of impact. The suggested approach results in readily usable techniques that allow to get a quick overview of potential insider threats based on locations and assets reachable by employees. We present several variations ranging from pure reachability to potential damage to assets causable by an insider.

Original language	English
Pages (from-to)	38-48
Number of pages	11
Journal	Journal of wireless mobile networks, ubiquitous computing, and dependable applications
Volume	4
Issue number	4
Publication status	Published - Dec 2013

Keywords

EC Grant Agreement nr.: FP7/318003
EC Grant Agreement nr.: FP7/2007-2013
Insiderness
Insider threats
System models

Access to Document

Probst2013reachabilityFinal published version, 667 KB

http://isyou.info/jowua/abstracts/jowua-v4n4-3.htm

Cite this

@article{ffd555bfd8bf46f785e53687271cf2f6,

title = "Reachability-based impact as a measure for insiderness",

abstract = "Insider threats pose a difficult problem for many organisations. While organisations in principle would like to judge the risk posed by a specific insider threat, this is in general not possible. This limitation is caused partly by the lack of models for human behaviour, partly by restrictions on how much and what may be monitored, and by our inability to identify relevant features in large amounts of logged data. To overcome this, the notion of insiderness has been proposed, which measures the degree of access an actor has to a certain resource. We extend this notion with the concept of impact of an insider, and present different realisations of impact. The suggested approach results in readily usable techniques that allow to get a quick overview of potential insider threats based on locations and assets reachable by employees. We present several variations ranging from pure reachability to potential damage to assets causable by an insider.",

keywords = "EC Grant Agreement nr.: FP7/318003, EC Grant Agreement nr.: FP7/2007-2013, Insiderness, Insider threats, System models",

author = "Probst, {Christian W.} and Hansen, {Ren{\'e} Rydhof}",

year = "2013",

month = dec,

language = "English",

volume = "4",

pages = "38--48",

journal = "Journal of wireless mobile networks, ubiquitous computing, and dependable applications",

issn = "2093-5374",

publisher = "Innovative Information Science and Technology Research Group",

number = "4",

}

TY - JOUR

T1 - Reachability-based impact as a measure for insiderness

AU - Probst, Christian W.

AU - Hansen, René Rydhof

PY - 2013/12

Y1 - 2013/12

N2 - Insider threats pose a difficult problem for many organisations. While organisations in principle would like to judge the risk posed by a specific insider threat, this is in general not possible. This limitation is caused partly by the lack of models for human behaviour, partly by restrictions on how much and what may be monitored, and by our inability to identify relevant features in large amounts of logged data. To overcome this, the notion of insiderness has been proposed, which measures the degree of access an actor has to a certain resource. We extend this notion with the concept of impact of an insider, and present different realisations of impact. The suggested approach results in readily usable techniques that allow to get a quick overview of potential insider threats based on locations and assets reachable by employees. We present several variations ranging from pure reachability to potential damage to assets causable by an insider.

AB - Insider threats pose a difficult problem for many organisations. While organisations in principle would like to judge the risk posed by a specific insider threat, this is in general not possible. This limitation is caused partly by the lack of models for human behaviour, partly by restrictions on how much and what may be monitored, and by our inability to identify relevant features in large amounts of logged data. To overcome this, the notion of insiderness has been proposed, which measures the degree of access an actor has to a certain resource. We extend this notion with the concept of impact of an insider, and present different realisations of impact. The suggested approach results in readily usable techniques that allow to get a quick overview of potential insider threats based on locations and assets reachable by employees. We present several variations ranging from pure reachability to potential damage to assets causable by an insider.

KW - EC Grant Agreement nr.: FP7/318003

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - Insiderness

KW - Insider threats

KW - System models

M3 - Article

SN - 2093-5374

VL - 4

SP - 38

EP - 48

JO - Journal of wireless mobile networks, ubiquitous computing, and dependable applications

JF - Journal of wireless mobile networks, ubiquitous computing, and dependable applications

IS - 4

ER -

Reachability-based impact as a measure for insiderness

Abstract

Keywords

Access to Document

Fingerprint

Cite this