Assessing Risk of Insider Threats to Information Systems


Principal Investigator: Fariborz Farahmand

Even as tools and technologies are being improved to protect critical national infrastructures against external attack, malicious insiders, intent on damaging an organization or turning a profit, remain a pervasive and challenging problem. In an insider attack, the attacker uses legitimate rights and privileges for inappropriate reasons. Such attacks are difficult to detect and defend against: insiders exist at all levels of an organization; broad internet connectivity enables anyone to be a potential “insider”; technologies enforcing useful access rights either do not exist or are difficult to use; and insiders often do only small, hard-to-detect amounts of damage at a time.

PROJECT OVERVIEW

The Human Behavior, Insider Threat, and Awareness research project, supported by the Institute for Information Infrastructure Protection (I3P), brings together cross-disciplinary researchers at leading national facilities to develop a scalable infrastructure for detecting, monitoring, and preventing insider attacks with due regard for the ethical, legal, and economic needs of users and organizations. Much of the science for understanding insider threats is still immature, with results difficult to measure. This research project will provide a foundation both for understanding insider threats and for developing methods to protect critical infrastructures against insider attacks:

  • Early prototypes of new approaches will be available for demonstration and use.
  • New insights into enterprise best practice will inform training programs that might reshape the ways that employees think about their actions.
  • Industry and government stakeholders will have a role in making project solutions useful in their real-world settings.

Personnel

  • Fariborz Farahmand
  • Eugene Spafford

Keywords: risk assessment, insider threat