Authors: Christian W. Probst, Jeffrey Hunker
DOI:
Keywords:
Abstract: Threats from the inside of an organization’s perimeters are a significant problem, since it is difficult to distinguish them from benign activity. In this overview article we discuss defining properties of insiders and insider threats. After presenting definitions of these terms, we go on to discuss a number of approaches from the technological, the sociological, and the socio-technical domain. We draw two main conclusions. Tackling insider threats requires a combination of techniques from the technical, the sociological, and the socio-technical domain, to enable qualified detection of threats, and their mitigation. Another important observation is that the distinction between insiders and outsiders seems to lose significance as IT infrastructure is used in performing insider attacks.

Little real-world data is available about the insider threat [1], yet recognizing when insiders are attempting to do something they should not on a corporate or organizational (computer) system is a problem in cyber security in general. This “insider threat” has received considerable attention, and is cited as one of the most serious problems [2]¹. It is also considered difficult to deal with, because insiders often have information and capabilities not known to external attackers, and as a consequence can cause harm. Yet, little is known about the insider threat. Especially in the US, there has been substantial research to better understand insider threats and develop more effective approaches. Starting in 1999, RAND conducted a series of workshops to elucidate the necessary research agenda to address the problem [3, 4, 5]. In parallel, the Defense Department produced its own report [6], outlining both a set of policy changes and research directions aimed at addressing the insider threat. Since then, a rich literature studying various aspects of the insider threat has emerged. However, the motivation for this work appears to differ among countries. Much of the interest in the US arguably derives from highly public and damaging national security incidents; Robert Hanssen (arrested in 2001) was an FBI insider who stole and sold secrets to the Russians, and recently Bradley Manning, an Army soldier and insider, provided Wiki Leaks with numerous sensitive government documents. European interest, on the other hand, is mostly driven by criminal acts committed by privately employed insiders, such as the $7 billion dollar fraud against the French bank Societe Generale by one of its traders, Jerome Kerviel.
Several issues make attacks performed by insiders especially difficult to deal with from a practitioner's perspective. There is no uniform or widely accepted definition of either “insider” or “insider threat”. Indeed, we are forced to conclude that the definition chosen depends on the concern of the specific audience; unfortunately, sometimes the terminology is used without the precise definition being made clear. Real-world data sets are almost completely missing, a problem shared across cyber security [7], but particularly acute for insider threats. Because insiders are already within at least some element of the perimeter, techniques applicable to the “outsider” threat may not be equally applicable to insiders. As a consequence, the insider poses unique threats arising from his privileged status.

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, volume: 2, number: 1, pp. 4-27

¹ The 2008 CSI Computer Crime and Security Survey ranks “insider abuse” second only to viruses in terms of attack types experienced by respondents.