<p> Malicious Insider threats consist of employees, contractors, or business partners who either have current authorized access, or have had authorized access to an organization's critical information and have intentionally misused that access in a manner that compromised the organization. Although incidents initiated by malicious insiders are fewer in number than those initiated by external threats, insider incidents are more costly on average because the threat is already trusted by the organization and often has privileged access to the organization's most sensitive information. In spite of the damage they cause there are indications that the seriousness of insider incidents are underappreciated as threats by management. The purpose of this research was to investigate who constitutes MI threats, why and how they initiate attacks, the extent to which MI activity can be modeled or predicted, and to suggest some risk mitigation strategies. The results reveal that addressing the Malicious Insider threat is much more than just a technical issue. Dealing effectively with the threat involves managing the dynamic interaction between employees, their work environment and work associates, the systems with which they interact, and organizational policies and procedures. Techniques for detecting and mitigating the threat are available and can be effectively applied. Some of the procedural and technical methods include definition of, follow through, and consistent application of corporate, and dealing with adverse events indigenous to the business environment. Other methods include conduct of a comprehensive Malicious Insider risk assessment, selective monitoring of employees in response to behavioral precursors, minimizing unknown access paths, control of the organization's production software baseline, and effective use of peer reporting.</p><p> Keywords: Cybersecurity, Professor Paul Pantani, CERT, insider, threat, IDS, SIEMS. FIM, RBAC, ABAC, behavioral, peer, precursors, access, authentication, predictive, analytics, system, dynamics, demographics.</p>
| Identifer | oai:union.ndltd.org:PROQUEST/oai:pqdtoai.proquest.com:1571095 |
| Date | 01 January 2015 |
| Creators | Schluderberg, Larry E. |
| Publisher | Utica College |
| Source Sets | ProQuest.com |
| Language | English |
| Detected Language | English |
| Type | thesis |
Page generated in 0.0026 seconds