Topic: Insider Threat Detection and Management
ABSTRACT
Insider threats are considered one of the most serious security problems in many studies and have received considerable attention from organizations around the world. This report presents the terms “insider” and “insider threats” in cyber security, the motives and effects of insider threats, the underlying issues and causes of insider threats, the prevention and detection of insider threats, and the management of insider threats within organizations. The report includes case studies of malicious insider threats involving IT sabotage and fraud, as well as oblivious insider threats, with analysis and discussion.
1. INTRODUCTION
In recent years, countries around the world have been developing rules and regulations designed to support data confidentiality and security. Many organizations have spent decades building stronger defenses against intrusion, including firewalls, anti-virus software, email security, identity access badges, and security policies and procedures. These protections have made the business world more effective at blocking threats and attacks from the outside and have made it increasingly difficult for hackers and viruses to penetrate the system. However, these protections provide only a first line of defense, since they are designed to prevent unauthorized access.
There are also threats and attacks from inside organizations, and these can sometimes cause far more damage than external attacks. The insider threat is also considered the most difficult problem to detect and deal with, because an insider is a trusted member of the organization and has access to information, valid authorization and capabilities [8]. The insider threat must therefore be discussed and well defined in order to analyze the problem precisely and approach a solution.
Insider and Insider Threats
An insider is anyone who has the access rights to a