Recent surveys indicate that the ``financial impact and operating losses due to insider intrusions are increasing'' . Within the government, insider abuse by those with access to sensitive or classified material can be particularly damaging. Further, the detection of such abuse is becoming more difficult due to other influences, such as out-sourcing, social networking and mobile computing. This paper focuses on a key aspect of our enterprise-wide architecture: a risk assessment based on predictions of the likelihood that a specific user poses an increased risk of behaving in a manner that is inconsistent with the organization’s stated goals and interests. We present a high-level architectural description for an enterprise-level insider threat product and we describe psychosocial factors and associated data needs to recognize possible insider threats.
Revised: June 23, 2010 |
Published: May 12, 2009
Citation
Bishop M., C. Gates, D.A. Frincke, and F.L. Greitzer. 2009.AZALIA: an A to Z Assessment of the Likelihood of Insider Attack. In IEEE Conference on Technologies for Homeland Security (HST '09), May 11-12, 2009, Boston, MA. Piscataway, New Jersey:IEEE.PNNL-SA-66272.doi:10.1109/THS.2009.5168063