Reachability-based impact as a measure for insiderness

Christian W. Probst, René Rydhof Hansen

    Research output: Contribution to journalArticleAcademicpeer-review

    3 Citations (Scopus)
    30 Downloads (Pure)

    Abstract

    Insider threats pose a difficult problem for many organisations. While organisations in principle would like to judge the risk posed by a specific insider threat, this is in general not possible. This limitation is caused partly by the lack of models for human behaviour, partly by restrictions on how much and what may be monitored, and by our inability to identify relevant features in large amounts of logged data. To overcome this, the notion of insiderness has been proposed, which measures the degree of access an actor has to a certain resource. We extend this notion with the concept of impact of an insider, and present different realisations of impact. The suggested approach results in readily usable techniques that allow to get a quick overview of potential insider threats based on locations and assets reachable by employees. We present several variations ranging from pure reachability to potential damage to assets causable by an insider.
    Original languageEnglish
    Pages (from-to)38-48
    Number of pages11
    JournalJournal of wireless mobile networks, ubiquitous computing, and dependable applications
    Volume4
    Issue number4
    Publication statusPublished - Dec 2013

    Keywords

    • EC Grant Agreement nr.: FP7/318003
    • EC Grant Agreement nr.: FP7/2007-2013
    • Insiderness
    • Insider threats
    • System models

    Fingerprint Dive into the research topics of 'Reachability-based impact as a measure for insiderness'. Together they form a unique fingerprint.

    Cite this