
Insider Threats in Cyber Security
by Probst, Christian W.; Hunker, Jeffrey; Gollmann, Dieter; Bishop, Matt
Table of Contents
Aspects of Insider Threats | p. 1 |
Introduction | p. 1 |
Insiders and Insider Threats | p. 2 |
Insider Threats | p. 5 |
Taxonomies | p. 6 |
Detection and Mitigation | p. 7 |
Policies | p. 9 |
Human Factors and Compliance | p. 11 |
Conclusion | p. 13 |
References | p. 15 |
Combatting Insider Threats | p. 17 |
A Contextual View of Insiders and Insider Threats | p. 17 |
Risks of Insider Misuse | p. 20 |
Types of Insiders | p. 20 |
Types of Insider Misuse | p. 21 |
Threats, Vulnerabilities, and Risks | p. 22 |
Relevant Knowledge and Experience | p. 23 |
Exploitations of Vulnerabilities | p. 24 |
Potential Risks Resulting from Exploitations | p. 25 |
Countermeasures | p. 25 |
Specification of Sound Policies for Data Gathering and Monitoring | p. 27 |
Detection, Analysis, and Identification of Misuse | p. 28 |
Desired Responses to Detected Anomalies and Misuses | p. 29 |
Decomposition of Insider Misuse Problems | p. 29 |
Stages of Development and Use | p. 30 |
Extended Profiling Including Psychological and Other Factors | p. 31 |
Requirements for Insider-Threat-Resistant High-Integrity Elections | p. 33 |
Relevance of the Countermeasures to Elections | p. 36 |
Research and Development Needs | p. 39 |
Conclusions | p. 40 |
References | p. 41 |
Insider Threat and Information Security Management | p. 45 |
Introduction | p. 45 |
Definitions of Insider and the Relevance to Information Security Management | p. 46 |
Risk and Insiderness | p. 49 |
The Importance of Organisational Culture and the Significance of Cultural Risks | p. 51 |
Fieldwork on Culture and the Insider Threat | p. 51 |
The Structure of the ISMS and Traditional Information Security Management Responses to Insiderness | p. 53 |
Analysis - Turning an ISMS Inwards | p. 54 |
The Role of Operationalisation | p. 55 |
Information Security Management Standards, Best Practice and the Insider Threat | p. 56 |
General Security Management Standards | p. 56 |
Guidelines Focused on the Management of the Insider Threat | p. 57 |
Analysis of the Contribution of Best Practice and Guidelines | p. 60 |
Crime theories and insider threat | p. 61 |
Existing Connections between Crime Theories and Information Security Management | p. 62 |
Implications of Crime Theories for ISMS Design | p. 63 |
Application of SCP to the ISO Control Domains | p. 64 |
Implications for ISMS Process Design | p. 66 |
Summary of Crime Theory Contribution | p. 68 |
Conclusions | p. 69 |
References | p. 70 |
A State of the Art Survey of Fraud Detection Technology | p. 73 |
Introduction | p. 73 |
Data Analysis Methodology | p. 74 |
Survey of Technology for Fraud Detection in Practice | p. 76 |
General Approaches for Intrusion and Fraud Detection | p. 76 |
State of the Art of Fraud Detection Tools and Techniques | p. 78 |
Why Fraud Detection is not the Same as Intrusion Detection | p. 80 |
Challenges for Fraud Detection in Information Systems | p. 82 |
Summary | p. 82 |
References | p. 84 |
Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation | p. 85 |
Introduction | p. 85 |
Background | p. 88 |
Issues of Security and Privacy | p. 91 |
Predictive Modeling Approach | p. 94 |
Training Needs | p. 106 |
Conclusions and Research Challenges | p. 109 |
Acknowledgments | p. 111 |
References | p. 111 |
A Risk Management Approach to the "Insider Threat" | p. 115 |
Introduction | p. 116 |
Insider Threat Assessment | p. 117 |
Example | p. 120 |
Summary | p. 122 |
Access-Based Assessment | p. 122 |
Psychological Indicator-Based Assessment | p. 126 |
Application of Risk to System Countermeasures | p. 130 |
Example | p. 133 |
Summary | p. 135 |
Conclusion | p. 135 |
References | p. 135 |
Legally Sustainable Solutions for Privacy Issues in Collaborative Fraud Detection | p. 139 |
Introduction | p. 139 |
Monitoring Modern Distributed Systems | p. 140 |
Evidence Model | p. 142 |
Observing Fraudulent Service Behaviours | p. 145 |
Architectural Support | p. 148 |
Introduction to the Legal Perspective | p. 149 |
Basic Principles of Data Privacy Law | p. 150 |
A Set of Six Basic Rules | p. 151 |
General Legal Requirements of Fraud Detection Systems | p. 153 |
Privacy Relevance of Fraud Detection Systems | p. 153 |
Necessary Data for Fraud Detection | p. 154 |
Transparency in the Fraud Detection Context | p. 155 |
Purpose Specification and Binding in Fraud Detection | p. 155 |
Permissibility of Fraud Detection | p. 155 |
Quality of Event Data | p. 156 |
Security of Event Data | p. 156 |
Technical Solutions for Privacy-respecting Fraud Detection | p. 156 |
Technical Requirements | p. 157 |
Lossless Information Reduction with Covered Data | p. 161 |
Lossy Information Reductions for Timestamps | p. 161 |
Legal Improvements by Pseudonymizing Event Data | p. 165 |
Technical Description | p. 165 |
Privacy Relevance of Pseudonymized Event Data | p. 166 |
Strengthening the Data Privacy Official | p. 167 |
Disclosure With Legal Permission | p. 167 |
Data and System Security | p. 168 |
Conclusion | p. 168 |
References | p. 169 |
Towards an Access-Control Framework for Countering Insider Threats | p. 173 |
Introduction | p. 173 |
Motivation and related work | p. 177 |
Illustrative scenarios | p. 177 |
Definitions of insiders | p. 179 |
Access control | p. 180 |
The insider problem and access control | p. 181 |
Trust, trustworthiness, and the insider problem | p. 182 |
Insiderness | p. 183 |
Trust management and risk assessment | p. 183 |
Pragmatics of identifying suspicious events | p. 184 |
Toward a context- and insider-aware policy language | p. 185 |
Context and request predicates | p. 186 |
Requirements | p. 186 |
Policy transformations via declarative programming | p. 187 |
Discussion of requirements | p. 188 |
Policy transformations | p. 189 |
Risk- and trustworthiness-aware policy composition | p. 190 |
Access-control architectures and the insider problem | p. 191 |
Concluding remarks | p. 192 |
References | p. 194 |
Monitoring Technologies for Mitigating Insider Threats | p. 197 |
Introduction | p. 197 |
Related Research | p. 200 |
Threat Model - Level of Sophistication of the Attacker | p. 201 |
Decoy Properties | p. 202 |
Architecture | p. 207 |
Decoy Document Distributor | p. 207 |
SONAR | p. 208 |
Decoys and Network Monitoring | p. 208 |
Host-based Sensors | p. 211 |
Concluding Remarks and Future Work | p. 215 |
References | p. 217 |
Insider Threat Specification as a Threat Mitigation Technique | p. 219 |
Introduction | p. 219 |
The Insider Threat Problem | p. 220 |
Background | p. 221 |
The Common Intrusion Specification Language | p. 221 |
Panoptis | p. 225 |
Insider Misuse Taxonomies and Threat Models | p. 226 |
The Scope of the Insider Threat Prediction Specification Language | p. 237 |
The Domain Specific Language Programming Paradigm | p. 240 |
Conclusion | p. 242 |
References | p. 242 |
Table of Contents provided by Ingram. All Rights Reserved.