Jason Nurse
Understanding insider threat: A framework for characterising attacks
Nurse, Jason; Buckley, Oliver; Legg, Philip; Goldsmith, Michael; Creese, Sadie; Wright, Gordon; Whitty, Monica
Authors
Oliver Buckley
Professor Phil Legg Phil.Legg@uwe.ac.uk
Professor in Cyber Security
Michael Goldsmith
Sadie Creese
Gordon Wright
Monica Whitty
Abstract
The threat that insiders pose to businesses, institutions and governmental organisations continues to be of serious concern. Recent industry surveys and academic literature provide unequivocal evidence to support the significance of this threat and its prevalence. Despite this, however, there is still no unifying framework to fully characterise insider attacks and to facilitate an understanding of the problem, its many components and how they all fit together. In this paper, we focus on this challenge and put forward a grounded framework for understanding and reflecting on the threat that insiders pose. Specifically, we propose a novel conceptualisation that is heavily grounded in insider-threat case studies, existing literature and relevant psychological theory. The framework identifies several key elements within the problem space, concentrating not only on noteworthy events and indicators – technical and behavioural – of potential attacks, but also on attackers (e.g., the motivation behind malicious threats and the human factors related to unintentional ones), and on the range of attacks being witnessed. The real value of our framework is in its emphasis on bringing together and defining clearly the various aspects of insider threat, all based on real-world cases and pertinent literature. This can therefore act as a platform for general understanding of the threat, and also for reflection, modelling past attacks and looking for useful patterns.
Presentation Conference Type | Conference Paper (unpublished) |
---|---|
Conference Name | Workshop on Research for Insider Threat (Security and Privacy Workshops at IEEE Symposium on Security and Privacy) |
Start Date | May 17, 2014 |
End Date | May 18, 2014 |
Acceptance Date | Apr 10, 2014 |
Publication Date | Apr 10, 2014 |
Deposit Date | Aug 16, 2018 |
Publicly Available Date | Aug 16, 2018 |
Peer Reviewed | Peer Reviewed |
ISBN | 9781479951031 |
Keywords | insider threat, threat framework, technical, psychological indicators, attack chain, case studies |
Public URL | https://uwe-repository.worktribe.com/output/819125 |
Publisher URL | http://dx.doi.org/10.1109/SPW.2014.38 |
Additional Information | (c) 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. Title of Conference or Conference Proceedings: Workshop on Research for Insider Threat (Security and Privacy Workshops at IEEE Symposium on Security and Privacy) |
Contract Date | Aug 16, 2018 |