ABSTRACT

Insider threat has been recognized by both scientific community and security professionals as one of the gravest security hazards for private companies, institutions, and governmental organizations. Extended research on the types, associated internal and external factors, detection approaches and mitigation strategies has been conducted over the last decades. Various frameworks have been introduced in an attempt to understand and reflect the danger posed by this threat, whereas multiple identified cases have been classified in private or public databases. This paper aims to present how a cyber-security culture framework with a clear focus on the human factor can assist in detecting possible threats of both malicious and unintentional insiders. We link current insider threat categories with specific security domains of the framework and introduce an assessment methodology of the core contributing parameters. Specific approach takes into consideration technical, behavioral, cultural, and personal indicators and assists in identifying possible security perils deriving from privileged individuals.

摘要

内部威胁已被科学界和安全专业人员视为私营公司、机构和政府组织最严重的安全隐患之一。在过去的几十年里，已经对类型、相关的内部和外部因素、检测方法和缓解策略进行了扩展研究。为了理解和反映这种威胁带来的危险，已经引入了各种框架，而多个已识别的案例已被分类到私人或公共数据库中。本文旨在介绍明确关注人为因素的网络安全文化框架如何帮助检测恶意和无意内部人员的可能威胁。我们将当前的内部威胁类别与框架的特定安全域联系起来，并引入了核心贡献参数的评估方法。具体方法考虑了技术、行为、文化和个人指标，并有助于识别特权个人可能带来的安全风险。