MITIGATING THE INSIDER THREAT TO INFORMATION SYSTEMS USING FULLY EMBEDDED AND INSEPARABLE AUTONOMIC SELF-PROTECTION CAPABILITY
Authors: G. Jabbour, Jason J. Jabbour
Journal: IADIS-International Journal on Computer Science and Information Systems (JCR Q4, Computer Science, Interdisciplinary Applications; impact factor 0.2), volume 51 1
Publication type: Journal Article
Publication date: 2021-01-26
DOI: 10.33965/ijcsis_2021160106 (https://doi.org/10.33965/ijcsis_2021160106)
Open access: no
Source platform: Semantic Scholar
Citations: 0
Abstract
The insider threat is a problem that every organization has to deal with. Regardless of its size, mission, or location, any company that uses information systems is potentially vulnerable to insider attacks. Federal agencies, non-governmental organizations, and data centers face the same risk of being attacked by an insider. Countering the insider threat is a difficult and daunting task. Organizations concerned with the problem usually train their employees on security-related matters, rules-of-behavior policies, and the consequences of committing criminal activities. More technically oriented solutions include enhanced credentialing and access control, and the use of monitoring tools that provide insight into the health and status of systems. This paper addresses the deficiency of widely used monitoring tools and strategies. It discusses the difference between traditional security approaches and autonomic-based self-protection. The paper then proposes a solution that equips a system with innate self-defense mechanisms, relieving it from having to rely on human intervention. The paper introduces the Insider Threat Minimization and Mitigation Framework. This framework equips systems with self-defense mechanisms such that a system can instantaneously respond to potential threats and defend itself against users who have unfettered access to it. The framework employs the autonomous demotion of power users' access privileges based on analysis and evaluation of the user's risk level. The paper presents the details of the proposed framework and simulates its effectiveness within a data center environment of mission-critical systems.
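The abstract describes the framework's core control only at a high level: a power user's risk level is evaluated and the user's privileges are demoted autonomously. The Python sketch below is added here as an illustration of that kind of control; it is not the paper's own framework code, scoring model, or simulation. It shows one way to build it: a weighted, time-decayed risk score computed from a constructed audit trail, tiered demotion thresholds, and a deliberately one-way policy in which the system only ever lowers privileges on its own, while restoration requires an explicit, attributable human action. The event types, weights, thresholds, half-life and user names are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, Tuple

# Hypothetical event weights and thresholds (assumptions, not the paper's model).
RISK_WEIGHTS: Dict[str, float] = {
    "routine_admin": 0.0,
    "off_hours_login": 2.0,
    "bulk_export": 4.0,
    "privilege_escalation": 5.0,
    "new_admin_account": 5.0,
    "audit_log_disabled": 6.0,
}
UNKNOWN_ACTION_WEIGHT = 1.0      # an action not in the table still costs something
THRESHOLD_READ_ONLY = 6.0        # score at which write/admin rights are removed
THRESHOLD_LOCKED = 12.0          # score at which all privileged access is suspended
HALF_LIFE = timedelta(hours=1)   # older behaviour counts for less

LEVELS = ("full", "read_only", "locked")  # ordered from most to least privilege


@dataclass(frozen=True)
class AuditEvent:
    ts: datetime
    user: str
    action: str


def risk_score(events: Iterable[AuditEvent], user: str, now: datetime) -> float:
    """Weighted sum of one user's past events, decayed exponentially by age."""
    score = 0.0
    for e in events:
        if e.user != user or e.ts > now:
            continue
        decay = 0.5 ** ((now - e.ts) / HALF_LIFE)   # timedelta / timedelta -> float
        score += RISK_WEIGHTS.get(e.action, UNKNOWN_ACTION_WEIGHT) * decay
    return score


def level_for_score(score: float) -> str:
    """Map a risk score to the privilege tier the user should be allowed."""
    if score >= THRESHOLD_LOCKED:
        return "locked"
    if score >= THRESHOLD_READ_ONLY:
        return "read_only"
    return "full"


class PrivilegeEnforcer:
    """Autonomic demotion: the system lowers privilege by itself but never raises it."""

    def __init__(self) -> None:
        self._level: Dict[str, str] = {}
        self.alerts: list = []          # what a SOC would receive

    def level(self, user: str) -> str:
        return self._level.get(user, "full")

    def evaluate(self, events: Iterable[AuditEvent], user: str, now: datetime) -> Tuple[str, float]:
        score = risk_score(events, user, now)
        proposed = level_for_score(score)
        current = self.level(user)
        # Only ever move towards less privilege. A decaying score must not silently
        # re-arm a demoted user; putting privileges back is a human decision.
        if LEVELS.index(proposed) > LEVELS.index(current):
            self._level[user] = proposed
            self.alerts.append(("demote", now, user, current, proposed, round(score, 2)))
        return self.level(user), score

    def restore(self, user: str, approver: str) -> str:
        """Explicit restoration, recorded with the approver's identity."""
        self._level[user] = "full"
        self.alerts.append(("restore", user, approver))
        return "full"


# Constructed sample audit trail (not real data): alice is a normal admin,
# bob shows an escalating pattern, carol trips the read-only tier exactly.
T0 = datetime(2021, 1, 26, 2, 0)
SAMPLE_EVENTS = [
    AuditEvent(T0, "alice", "routine_admin"),
    AuditEvent(T0 + timedelta(minutes=3), "alice", "routine_admin"),
    AuditEvent(T0, "bob", "off_hours_login"),
    AuditEvent(T0 + timedelta(minutes=5), "bob", "bulk_export"),
    AuditEvent(T0 + timedelta(minutes=10), "bob", "audit_log_disabled"),
    AuditEvent(T0 + timedelta(minutes=12), "bob", "privilege_escalation"),
    AuditEvent(T0 + timedelta(minutes=15), "carol", "off_hours_login"),
    AuditEvent(T0 + timedelta(minutes=15), "carol", "bulk_export"),
]


def run_demo() -> dict:
    """Score and demote at T0+15min, then show that decay alone never restores access."""
    enforcer = PrivilegeEnforcer()
    now = T0 + timedelta(minutes=15)
    users = ("alice", "bob", "carol")
    scores = {u: risk_score(SAMPLE_EVENTS, u, now) for u in users}
    levels = {u: enforcer.evaluate(SAMPLE_EVENTS, u, now)[0] for u in users}
    bob_a_day_later = enforcer.evaluate(SAMPLE_EVENTS, "bob", now + timedelta(days=1))[0]
    bob_after_restore = enforcer.restore("bob", approver="soc-oncall")
    return {
        "scores": scores,
        "levels": levels,
        "bob_a_day_later": bob_a_day_later,
        "bob_after_restore": bob_after_restore,
        "alerts": enforcer.alerts,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

Two design points matter more than the particular weights. First, the enforcement path is fail-closed: the score only ever drives demotion, so a bug or an adversarial quiet period cannot quietly hand privileges back; that mirrors the abstract's idea of a system that defends itself without waiting on people, while keeping the reversible decision with people. Second, the logic must itself be out of the power user's reach (the `audit_log_disabled` event is weighted highest for exactly that reason); whether the scoring engine is truly "embedded and inseparable" from the protected system, as the title promises, is the property a practitioner should test, for instance by checking that the user being scored cannot edit the weights, stop the enforcer, or suppress the events it consumes.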