The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Greg Stephens - Mitre

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Detecting Insider Theft of Trade Secrets

Feb 03, 2010

Download: Video Icon MP4 Video Size: 429.3MB  
Watch on Youtube Watch on YouTube


Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if access controls are set properly, they don't protect against rogue employees who legitimately need to access sensitive information. Since 2002, researchers at MITRE have investigated methods for detecting insiders who misuse their legitimate access to steal information. A three-year, internally funded research effort developed and evaluated a research prototype of a system called Elicit (Exploit Latent Information to Counter Insider Threats) to help analysts identify insider threats. Work on Elicit prompted a team of engineers and social scientists to experimentally explore how malicious insiders use information differently from a benign baseline group. This talk presents results from the research prototype evaluation, discusses preliminary results from the double-blind study of malicious insiders, and offers some essential aspects for detecting insider threats gleaned from these efforts.

About the Speaker

Since joining MITRE in 2001, Greg has been consulting and researching in the area of enterprise security operations. His areas of expertise include security operation center (SOC) architecture and management, the effective implementation of intrusion detection and audit systems, and the effective use of security information management systems (SIMs). Since 2003, his focus has been on detecting insider threats. He led successful R&D efforts within MITRE and for the Institute for Information Infrastructure Protection (I3P) that yielded an effective, novel detection approach and significant insight into insider threat behavior. He is currently extending his insider threat research, adapting it for cyber threat detection.

Prior to joining MITRE, Greg helped architect the managed security monitoring service provided by Counterpane Internet Security and managed the security of a mid-sized defense contractor.

Greg holds a B.S. in Materials Science from U.C. Berkeley and an M.S. in Information Technology from George Mason University.

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!