Insider Threat Mitigation Framework
Project Members
Victor Raskin, Melissa J. Dark, Simon Slobodnik
Victor Raskin, Melissa J. Dark, Simon Slobodnik
Abstract
In military cyber operations, Mission Oriented Risk Design Analysis (MORDA) (Buckshaw et al 2005) is used to carry out risk assessment of adversary action. MORDA has been used in operations since 1999 in various missions. It is a systemic and comprehensive model for risk, vulnerability and cost assessment.
Methodology of such scope is lacking in the world of insider threat mitigation. Mechanisms exist to detect and sometimes predict insider threat. However models and the scope of MORDA are not used with insider threat in mind.
Events that lead to an insider becoming malicious are rarely viewed as deterministic because full information is not available for computation. Therefore identifying an individual as “high risk” in terms malicious activity has historically fallen to humans rather than any automated system.
MORDA in conjunction with a Reasoner that is based on a Dynamic Bayesian Network (DBN) as used by Greitzer et al (2009), and Bishop’s et al (2010) Unifying Policy Hierarchy to be used to evaluate malicious insider threat comprehensively.
This approach assures a systemic approach to evaluating impact of adversary action, specifically that of a malicious insider. A systemic, approach with costs attached will allow to address the issue of a malicious insider from a business as well as security viewpoint. This will contribute to insider threat detection and prevention mechanisms rather than “after-the-fact” response.