{"title":"理论综述:通过可信任的人的内部威胁框架降低风险","authors":"Mohd Nazer Apau, Muliati Sedek, R. Ahmad","doi":"10.1109/ICoCSec47621.2019.8970795","DOIUrl":null,"url":null,"abstract":"This paper discusses the possible effort to mitigate insider threats risk and aim to inspire organizations to consider identifying insider threats as one of the risks in the company’s enterprise risk management activities. The paper suggests Trusted Human Framework (THF) as the on-going and cyclic process to detect and deter potential employees who bound to become the fraudster or perpetrator violating the access and trust given. The mitigation’s control statements were derived from the recommended practices in the “Common Sense Guide to Mitigating Insider Threats” produced by the Software Engineering Institute, Carnegie Mellon University (SEI-CMU). The statements validated via a survey which was responded by fifty respondents who work in Malaysia.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"589 ","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A Theoretical Review: Risk Mitigation Through Trusted Human Framework for Insider Threats\",\"authors\":\"Mohd Nazer Apau, Muliati Sedek, R. Ahmad\",\"doi\":\"10.1109/ICoCSec47621.2019.8970795\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper discusses the possible effort to mitigate insider threats risk and aim to inspire organizations to consider identifying insider threats as one of the risks in the company’s enterprise risk management activities. The paper suggests Trusted Human Framework (THF) as the on-going and cyclic process to detect and deter potential employees who bound to become the fraudster or perpetrator violating the access and trust given. The mitigation’s control statements were derived from the recommended practices in the “Common Sense Guide to Mitigating Insider Threats” produced by the Software Engineering Institute, Carnegie Mellon University (SEI-CMU). The statements validated via a survey which was responded by fifty respondents who work in Malaysia.\",\"PeriodicalId\":272402,\"journal\":{\"name\":\"2019 International Conference on Cybersecurity (ICoCSec)\",\"volume\":\"589 \",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 International Conference on Cybersecurity (ICoCSec)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICoCSec47621.2019.8970795\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 International Conference on Cybersecurity (ICoCSec)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICoCSec47621.2019.8970795","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
摘要
本文讨论了减轻内部威胁风险的可能努力,旨在激励组织考虑将内部威胁作为公司企业风险管理活动中的风险之一。本文提出可信任人框架(Trusted Human Framework, THF)作为一种持续循环的过程来检测和阻止潜在的员工,这些员工必然会成为违反访问和信任的欺诈者或犯罪者。缓解的控制声明来源于卡内基梅隆大学软件工程研究所(SEI-CMU)制作的“缓解内部威胁的常识指南”中的推荐实践。这些陈述通过一项由50名在马来西亚工作的受访者回应的调查得到了验证。
A Theoretical Review: Risk Mitigation Through Trusted Human Framework for Insider Threats
This paper discusses the possible effort to mitigate insider threats risk and aim to inspire organizations to consider identifying insider threats as one of the risks in the company’s enterprise risk management activities. The paper suggests Trusted Human Framework (THF) as the on-going and cyclic process to detect and deter potential employees who bound to become the fraudster or perpetrator violating the access and trust given. The mitigation’s control statements were derived from the recommended practices in the “Common Sense Guide to Mitigating Insider Threats” produced by the Software Engineering Institute, Carnegie Mellon University (SEI-CMU). The statements validated via a survey which was responded by fifty respondents who work in Malaysia.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
