|
Reachability-based Impact as a Measure for Insiderness
rrh@cs.aau.dk Abstract Insider threats pose a difficult problem for many organisations. While organisations in principle would like to judge the risk posed by a specific insider threat, this is in general not possible. This limitation is caused partly by the lack of models for human behaviour, partly by restrictions on how much and what may be monitored, and by our inability to identify relevant features in large amounts of logged data. To overcome this, the notion of insiderness has been proposed, which measures the degree of access an actor has to a certain resource. We extend this notion with the concept of impact of an insider, and present different realisations of impact. The suggested approach results in readily usable techniques that allow to get a quick overview of potential insider threats based on locations and assets reachable by employees. We present several variations ranging from pure reachability to potential damage to assets causable by an insider. Keywords: system models, insiderness, insider threats +: Corresponding author: Christian W. Probst DTU Compute, The Technical University of Denmark, Building 322, Room 117, Journal of Wireless Mobile Networks,
Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 4, No. 4, pp. 38-48,
December 2013 [pdf] |