Adaptive Detection and Policy Transformation for Insider Threats
Authors
Harrell, Nicholas
Master, Alexander
Dietz, J. Eric
Issue Date
2023
Type
Conference presentations, papers, posters
Keywords
insider threat, cybersecurity, modeling, quantitative, risk assessment, risk score, simulation
Abstract
Insider threats are among the most costly and prevalent cybersecurity incidents. Modern organizations lack an effective way to detect and deter insider threat events; traditional mitigation approaches that focus on recruitment processes and workplace behavior have proven insufficient. Current analytic detection tools do not map technical indicators to organizational policies. This limitation results in poor risk calculations, rendering inaccurate risk mitigation decisions regarding insider threats. This paper proposes a pragmatic, data-driven approach that uses policy-mapped technical indicators to assess insider threat risk. Our approach provides a quantitative insider threat risk score to facilitate informed decision-making by policymakers. Using computer simulation modeling and synthetic data to iterate common threat scenarios, we increase the probability of detecting an insider threat event. This novel approach provides quantitative analysis with distinct advantages over qualitative risk matrices commonly used in industry to forecast and assess organizational risk.
Citation
Nicholas B. Harrell, Alexander Master, and J. Eric Dietz. “Adaptive Detection and Policy Transformation for Insider Threats.” In Defense and Security Research Symposium of the Purdue Military Research Institute, 9. Purdue University, USA, 2023. https://doi.org/10.5703/1288284317732.
Publisher
Purdue Military Research Institute
