The Library
Understanding insider threat : a framework for characterising attacks
Tools
Nurse, Jason R. C., Buckley, Oliver, Legg, Philip A., Goldsmith, Michael, Creese, Sadie, Wright, Gordon R. T. and Whitty, Monica T. (2014) Understanding insider threat : a framework for characterising attacks. In: IEEE Security & Privacy Workshop, San Jose, CA, 17-18 May 2014. Published in: 2014 IEEE Security and Privacy Workshops (SPW) pp. 214-228. ISBN 9781479951048. doi:10.1109/SPW.2014.38
Research output not available from this repository.
Request-a-Copy directly from author or use local Library Get it For Me service.
Official URL: http://dx.doi.org/10.1109/SPW.2014.38
Abstract
The threat that insiders pose to businesses, institutions and governmental organisations continues to be of serious concern. Recent industry surveys and academic literature provide unequivocal evidence to support the significance of this threat and its prevalence. Despite this, however, there is still no unifying framework to fully characterise insider attacks and to facilitate an understanding of the problem, its many components and how they all fit together. In this paper, we focus on this challenge and put forward a grounded framework for understanding and reflecting on the threat that insiders pose. Specifically, we propose a novel conceptualisation that is heavily grounded in insider-threat case studies, existing literature and relevant psychological theory. The framework identifies several key elements within the problem space, concentrating not only on noteworthy events and indicators- technical and behavioural- of potential attacks, but also on attackers (e.g., the motivation behind malicious threats and the human factors related to unintentional ones), and on the range of attacks being witnessed. The real value of our framework is in its emphasis on bringing together and defining clearly the various aspects of insider threat, all based on real-world cases and pertinent literature. This can therefore act as a platform for general understanding of the threat, and also for reflection, modelling past attacks and looking for useful patterns.
Item Type: | Conference Item (Paper) | ||||||
---|---|---|---|---|---|---|---|
Subjects: | B Philosophy. Psychology. Religion > BF Psychology Q Science > QA Mathematics > QA76 Electronic computers. Computer science. Computer software |
||||||
Divisions: | Faculty of Science, Engineering and Medicine > Engineering > WMG (Formerly the Warwick Manufacturing Group) | ||||||
Journal or Publication Title: | 2014 IEEE Security and Privacy Workshops (SPW) | ||||||
Publisher: | IEEE | ||||||
ISBN: | 9781479951048 | ||||||
Book Title: | 2014 IEEE Security and Privacy Workshops | ||||||
Official Date: | 20 November 2014 | ||||||
Dates: |
|
||||||
Page Range: | pp. 214-228 | ||||||
DOI: | 10.1109/SPW.2014.38 | ||||||
Status: | Peer Reviewed | ||||||
Conference Paper Type: | Paper | ||||||
Title of Event: | IEEE Security & Privacy Workshop | ||||||
Type of Event: | Workshop | ||||||
Location of Event: | San Jose, CA | ||||||
Date(s) of Event: | 17-18 May 2014 |
Request changes or add full text files to a record
Repository staff actions (login required)
View Item |