MITIGATING THE INSIDER THREAT TO INFORMATION SYSTEMS USING FULLY EMBEDDED AND INSEPARABLE AUTONOMIC SELF-PROTECTION CAPABILITY

IF 0.2 Q4 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS
G. Jabbour, Jason J. Jabbour
Journal: IADIS-International Journal on Computer Science and Information Systems
Publication type: Journal Article
Publication date: 2021-01-26
DOI: https://doi.org/10.33965/ijcsis_2021160106
Citations: 0

Abstract

The insider threat is a problem that organizations have to deal with. Regardless of its size, mission, or location, any company that uses information systems is potentially vulnerable to insider attacks. Federal agencies, non-governmental organizations, as well as data centers face the same risk of being attacked by an insider. Countering the insider threat is a difficult and daunting task. Organizations concerned with the problem usually train their employees on security-related matters, rules of behavior policies, and the consequences of committing criminal activities. More technically-oriented solutions include enhanced credentialing and access control, and the use of monitoring tools that provide insight into the health and status of systems. This paper addresses the deficiency of widely-used monitoring tools and strategies. It discusses the difference between traditional security approaches and autonomic-based self-protection. The paper then proposes a solution that equips a system with innate self-defense mechanisms that relieve the system from having to rely on human intervention. The paper introduces the Insider Threat Minimization and Mitigation Framework. This framework equips systems with self-defense mechanisms such that a system can instantaneously respond to potential threats and defend itself against users who have unfettered access to it. The framework employs the autonomous demotion of power users’ access privileges based on analysis and evaluation of the user’s risk level. The paper presents the details of the proposed framework and simulates its effectiveness within a data center environment of mission-critical systems.
Source journal: IADIS-International Journal on Computer Science and Information Systems (COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS)
Self-citation rate: 0.00%
Articles published: 0