Abstract
Insider threats that occur within organizations cause more serious damage than external threats. However, there are many factors that are difficult to determine, such as the definition, classification, and severity of security breaches; hence, it is necessary to analyze system logs and user behavior-based scenarios within organizations. The reality is that qualitative judgment criteria are different for everyone to apply, and there is no detailed verification procedure to compare them objectively. In this study, realistic insider threats were examined through the definition, classification, and correlation/association analysis of various human–machine logs of acts associated with security breaches that occur in an organization. In addition, a quantitative process and decision-making tool were developed for insider threats by establishing various internal information leakage scenarios. As a result, insider threats were assessed quantitatively and a decision-making process was completed that enabled case analysis based on several insider threat scenarios. This study will enable precise modeling of insider threats that occur in real organizations and will support an objective process and a decision-making system to establish a range of required information for security protection measures.
Highlights
Security incidents related to internal data leaks in the private, public, and military sectors have recently emerged as social issues
To design an analytic hierarchy process (AHP) [43] model for artifacts related to cyber-attack types, we analyzed various threat logs generated in conventional information and communication technology (ICT) systems in detail
In order to model leakage scenarios related to various possible insider threats from within an organization accurately, we analyzed scenarios by dividing them into “internal threats from inside the organization,” “internal threats from outside the organization,” and a “human and machine-focused internal threat scenario.”
Summary
Security incidents related to internal data leaks in the private, public, and military sectors have recently emerged as social issues. More security incidents have been attributed to insiders that are legally recognized by organizations, through the infiltration of internal systems, than to outsiders (or hackers) [1,2]. Insiders are all individuals who are able to gain access to information in the company under different circumstances. They access internal assets or systems more than outsiders with malicious intent and often cause serious damage to organizations [5,6]. This characteristic presents considerable challenges in dealing with insider threats
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
