Amazon cover image
Image from Amazon.com

Understanding the insider threat : proceedings of a March 2004 workshop / Richard C. Brackney, Robert H. Anderson.

Contributor(s): Series: Conference proceedings (Rand Corporation) ; 196.Publisher: Santa Monica, CA : RAND, 2004Description: xxii, 113 pages : illustrations ; 28 cmContent type:
  • text
Media type:
  • computer
  • unmediated
Carrier type:
  • online resource
  • volume
ISBN:
  • 0833036807
Subject(s): LOC classification:
  • UB247 .U53 2004
Online resources: Available additional physical forms:
  • Also available on the internet via WWW in PDF format.
Contents:
Introduction -- IC System Models -- Vulnerabilities and Exploits -- Attacker Models -- Event Characterization -- Appendix: Workshop Invitation -- Workshop Agenda -- Links to Read-Ahead Materials -- Workshop Participants -- Presentation: The Robert Hanssen Case: An Example of the Insider Threat to Sensitive U.S. Information Systems Presentation: Overview of the Results of a Recent ARDA Workshop on Cyber Indications and Warning Presentation: Intelink Factoids Presentation: Glass Box Analysis Project Presentation: Interacting with Information: Novel Intelligence from Massive Data.
Summary: Perhaps the greatest threat that the intelligence community (IC) must address in the area of information assurance is the "insider threat"-malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems. This document reports the results of a workshop that brought together IC members with specific knowledge of IC document management systems and IC business practices; persons with knowledge of insider attackers, both within and outside the IC; and researchers involved in developing technology to counter insider threats. Plenary and breakout sessions discussed various aspects of the problem, including intelligence community system models, vulnerabilities and exploits, attacker models, and event characterization. Participants listed the following challenges: defining an effective way of monitoring what people do with their cyber access; developing policies and procedures to create as bright a line as possible between allowed and disallowed behaviors; considering sociological and psychological factors and creating better cooperation between information systems personnel and human resources personnel; and combining events from one or more sensors (possibly of various types or different levels of abstraction) to facilitate building systems that test hypotheses about malicious insider activity. Workshop members also considered what databases would aid in this research if they were available.
Item type:
Star ratings
    Average rating: 0.0 (0 votes)
No physical items for this record

"National Security Research Division."

Includes bibliographical references (p. 113).

Introduction -- IC System Models -- Vulnerabilities and Exploits -- Attacker Models -- Event Characterization -- Appendix: Workshop Invitation -- Workshop Agenda -- Links to Read-Ahead Materials -- Workshop Participants -- Presentation: The Robert Hanssen Case: An Example of the Insider Threat to Sensitive U.S. Information Systems Presentation: Overview of the Results of a Recent ARDA Workshop on Cyber Indications and Warning Presentation: Intelink Factoids Presentation: Glass Box Analysis Project Presentation: Interacting with Information: Novel Intelligence from Massive Data.

Perhaps the greatest threat that the intelligence community (IC) must address in the area of information assurance is the "insider threat"-malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems. This document reports the results of a workshop that brought together IC members with specific knowledge of IC document management systems and IC business practices; persons with knowledge of insider attackers, both within and outside the IC; and researchers involved in developing technology to counter insider threats. Plenary and breakout sessions discussed various aspects of the problem, including intelligence community system models, vulnerabilities and exploits, attacker models, and event characterization. Participants listed the following challenges: defining an effective way of monitoring what people do with their cyber access; developing policies and procedures to create as bright a line as possible between allowed and disallowed behaviors; considering sociological and psychological factors and creating better cooperation between information systems personnel and human resources personnel; and combining events from one or more sensors (possibly of various types or different levels of abstraction) to facilitate building systems that test hypotheses about malicious insider activity. Workshop members also considered what databases would aid in this research if they were available.

Also available on the internet via WWW in PDF format.

Description based on print version record.

Copyright © 2020 Alfaisal University Library. All Rights Reserved.
Tel: +966 11 2158948 Fax: +966 11 2157910 Email: librarian@alfaisal.edu