Fault Tree Analysis of Accidental Insider Security Events

Abstract

Insider threats have been categorized as unintentional and malicious. The frameworks and models which are used to detect malicious behavior of employees would likely fail to detect unintentional insider as there is no malicious intent. This paper accentuates the limitation of MERIT (Management and Education of Risks of Insider Threat) in its scope for accidental insider threats and proposes Fault Tree Analysis (FTA) of the security events caused by accidental insiders. We perform FTA on two cases involving accidental insiders which help understand human side behind the user errors. The first case involves data loss via outbound email due to employee error while the second case involves accidental disclosure of sensitive information by insiders. The countermeasures are thus better interpreted and communicated as the causes of a threat are well understood which is essential for human fault avoidance.