Abstract
The insider threat has received considerable attention, and is often cited as the most serious security problem. It is also considered the most difficult problem to deal with, because an “insider” has information and capabilities not known to external attackers. The difficulty in handling the insider threat is reasonable under those circumstances; if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved? This chapter presents some aspects of insider threats, collected at an inter-disciplinary workshop in 2008.
Copyright information
© 2010 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Probst, C.W., Hunker, J., Gollmann, D., Bishop, M. (2010). Aspects of Insider Threats. In: Probst, C., Hunker, J., Gollmann, D., Bishop, M. (eds) Insider Threats in Cyber Security. Advances in Information Security, vol 49. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-7133-3_1
DOI: https://doi.org/10.1007/978-1-4419-7133-3_1
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-7132-6
Online ISBN: 978-1-4419-7133-3
eBook Packages: Computer Science, Computer Science (R0)