The Center for Education and Research in Information Assurance and Security (CERIAS)

Adaptive Detection and Policy Transformation for Insider Threats

Author

Nicholas B. Harrell, Alexander Master, J. Eric Dietz

Tech report number

CERIAS TR 2023-7

Entry type

article

Abstract

Insider threats are among the most costly and prevalent cybersecurity incidents. Modern organizations lack an effective way to detect and deter insider threat events; traditional mitigation approaches that focus on recruitment processes and workplace behavior have proven insufficient. Current analytic detection tools do not map technical indicators to organizational policies. This limitation results in poor risk calculations, rendering inaccurate risk mitigation decisions regarding insider threats. This paper proposes a pragmatic, data-driven approach that uses policy-mapped technical indicators to assess insider threat risk. Our approach provides a quantitative insider threat risk score to facilitate informed decision-making by policymakers. Using computer simulation modeling and synthetic data to iterate common threat scenarios, we increase the probability of detecting an insider threat event. This novel approach provides quantitative analysis with distinct advantages over qualitative risk matrices commonly used in industry to forecast and assess organizational risk.

Date

2023-06-26

Address

West Lafayette, IN, USA

Institution

Purdue University

Journal

Purdue Military Research Institute Defense & Security Research Symposium

Key alpha

Harrell

Organization

Purdue Military Research Institute

Pages

47-55

Publisher

Purdue Military Research Institute Defense & Security Research Symposium

Volume

1

Affiliation

Purdue University, Army Cyber Institute

Publication Date

2023-06-26

ISBN

978-1-61249-995-6

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.