Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2019 / Cataloged from PDF version of thesis. / Includes bibliographical references (pages 105-110). / It has become common place to hear of data breaches. Typically, we hear of external hackers as the perpetrators, however, the reality is there is a high frequency of threats from insiders within an organization and that the cost and challenge in detecting these threats is considerable. The issue has affected companies in multiple private sectors (finance, retail) and the public sector is also at risk as apparent with the Edward Snowden and Chelsea Manning cases. This thesis explores the current space of insider threats in terms of frequency, cost and complexity in attack assessment. It also explores the multiple perspectives and stakeholders that make up the complex insider threat systems. Insights from multiple insider threat cases as well as subject matter experts in cyber security were used to model and pinpoint the high value metrics around access management and logging that will aid audit efforts. Following this an exploration of kill chains, blockchain technology and hierarchical organization exploration is made. Research findings highlight the wide reach of excessive privileges and the crucial role resource access and event logging of stakeholder actions plays in the success of insider threat prevention. In response to this finding a proposal is made for a combined solution that aims to provide an easy and accessible interface for searching and requesting access to resources that scales with an organization. This proposal suggests the capitalization of the transparent and immutable properties of blockchain to ledger the requesting and approval of file access through dynamic and multi user approval logic. The solution combines simplistic file-based resource access in an accessible manner with a multi layered security approach that adds further hurdles for bad actors but provides a visible and reliable look back on an immutable audit path. / by Nana Essilfie-Conduah. / S.M. in Engineering and Management / S.M.inEngineeringandManagement Massachusetts Institute of Technology, System Design and Management Program
| Identifer | oai:union.ndltd.org:MIT/oai:dspace.mit.edu:1721.1/122440 |
| Date | January 2019 |
| Creators | Essilfie-Conduah, Nana,S.M.Massachusetts Institute of Technology. |
| Contributors | Abel Sanchez and Donna H. Rhodes., Massachusetts Institute of Technology. Engineering and Management Program., System Design and Management Program., Massachusetts Institute of Technology. Engineering and Management Program, System Design and Management Program |
| Publisher | Massachusetts Institute of Technology |
| Source Sets | M.I.T. Theses and Dissertation |
| Language | English |
| Detected Language | English |
| Type | Thesis |
| Format | 110 pages, application/pdf |
| Rights | MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission., http://dspace.mit.edu/handle/1721.1/7582 |
Page generated in 0.0015 seconds