Framework for Minimizing Critical Information Infrastructure Threats from Insiders

Date
2017-10
Publisher
The British University in Dubai (BUiD)
Abstract
Malicious insiders pose unique security challenges to organizations because of their knowledge, capabilities, and authorized access to information systems. Data theft and IT sabotage are two of the most recurring themes among crimes committed by malicious insiders. This research investigates the scale and scope of the risks from malicious insiders' activities and explores the impact of such threats on business operations. The developed framework targets minimization of insider threats by profiling user activities using information from the log files of the components participating in these activities, such as IDS, IPS, firewalls, network devices, server hosts and workstations. Malicious activities potentially leave suspicious patterns and references to users, which can be used to infer the main actor or actors and mitigate the threat before it actually occurs. The analytical backbone of the framework can be built upon Actor Network Theory. Organizations need to implement multi-layered defensive approaches to combat insider risks; safeguarding sensitive business information from malicious insiders requires an effective security framework that can identify the members of a malicious group and predict their offensive intentions, which are otherwise something of a black box. To open this black box and explore the intentions of the insiders, the framework developed here relies on two security technologies: Security Information and Event Management (SIEM) and User Behavior Analytics (UBA). They allow extracting data from the logs of different entities, analyzing it, and separating malicious activities from non-malicious ones on the basis of the User Security Profile (USP). In addition, the security engine must allow formulating different hypotheses, with varying degrees of flexibility to address the security requirements, and must be able to identify the main actor and the other participants from the analyzed information.
Organizations need to implement multi-layered defensive approaches to combat insider risks. First, safeguarding sensitive business information from malicious insiders requires an effective security policy that clearly communicates the consequences of stealing or leaking confidential information in an unauthorized manner. Second, logging and monitoring employee activity is essential for detecting and controlling system vulnerabilities. Third, conducting periodic and consistent vulnerability assessments is critical to identify gaps in security controls and to prevent insiders from exploiting them. Last, but certainly not least, taking extra caution when dealing with privileged users is important to proactively protect the information infrastructure from insider risks.
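The abstract describes correlating log records from several sources into a per-user baseline (the User Security Profile), scoring later activity against that baseline, and then using shared targets to identify other participants. The following is an added illustration of that pipeline, not code from the thesis: the log line format, the three sources, the scoring weights, the alert threshold and all sample events are constructed for the example.

```python
"""Minimal SIEM/UBA-style scoring of user activity against a per-user baseline.

Added example (not from the thesis). The '<source> <timestamp> <user> <action> <target>'
line format, the weights and every log line below are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed baseline week from three sources: firewall ("fw"), IDS ("ids") and
# file-server audit log ("file"). Each user's USP is learned from these lines.
BASELINE_LOGS = [
    "fw 2017-10-02T09:05:00 alice ALLOW fileserver01",
    "file 2017-10-02T09:10:00 alice READ fileserver01",
    "fw 2017-10-03T10:15:00 alice ALLOW fileserver01",
    "file 2017-10-03T10:20:00 alice READ fileserver01",
    "fw 2017-10-02T08:50:00 bob ALLOW mailserver",
    "fw 2017-10-03T09:00:00 bob ALLOW mailserver",
    "fw 2017-10-04T09:10:00 bob ALLOW fileserver01",
    "file 2017-10-04T09:12:00 bob READ fileserver01",
]

# Constructed observation window scored against the baseline profiles.
OBSERVED_LOGS = [
    "fw 2017-10-09T23:40:00 alice ALLOW fileserver01",   # known host, but late at night
    "file 2017-10-09T23:42:00 alice COPY fileserver01",  # action never seen for alice
    "fw 2017-10-09T23:45:00 alice ALLOW hr-db",          # host never seen for alice
    "ids 2017-10-09T23:46:00 alice ALERT hr-db",         # IDS signature fired
    "fw 2017-10-09T23:50:00 carol ALLOW hr-db",          # carol has no baseline at all
    "fw 2017-10-10T09:00:00 bob ALLOW mailserver",       # ordinary activity
]


@dataclass
class Event:
    source: str
    ts: datetime
    user: str
    action: str
    target: str


def parse_line(line: str) -> Event:
    """Normalize one raw line of the constructed format into a common event record."""
    source, ts, user, action, target = line.split()
    return Event(source, datetime.fromisoformat(ts), user, action, target)


@dataclass
class UserSecurityProfile:
    """Baseline of what a user has been seen doing: hosts, actions and hours of day."""
    targets: set = field(default_factory=set)
    actions: set = field(default_factory=set)
    hours: set = field(default_factory=set)


def build_profiles(events):
    profiles = defaultdict(UserSecurityProfile)
    for e in events:
        p = profiles[e.user]
        p.targets.add(e.target)
        p.actions.add(e.action)
        p.hours.add(e.ts.hour)
    return profiles


# Constructed weights: novelty is cheap, an IDS alert is expensive.
WEIGHTS = {"new_target": 2, "new_action": 1, "off_hours": 1, "ids_alert": 3}


def score_users(profiles, observed):
    """Return {user: (score, reasons)} for the observed window. Users without a
    profile are scored against an empty one, so all of their activity is novel."""
    by_user = defaultdict(list)
    for e in observed:
        by_user[e.user].append(e)
    results = {}
    for user, evs in by_user.items():
        p = profiles.get(user, UserSecurityProfile())
        reasons = []
        # Distinct novelties are counted once, so one new host is not scored per packet.
        for t in sorted({e.target for e in evs} - p.targets):
            reasons.append(f"new_target:{t}")
        for a in sorted({e.action for e in evs} - p.actions):
            reasons.append(f"new_action:{a}")
        for e in evs:
            # Outside 08:00-18:00 and at an hour this user never worked in the baseline.
            if e.ts.hour not in p.hours and not 8 <= e.ts.hour < 18:
                reasons.append(f"off_hours:{e.ts.isoformat()}")
            if e.source == "ids" and e.action == "ALERT":
                reasons.append(f"ids_alert:{e.target}")
        score = sum(WEIGHTS[r.split(":", 1)[0]] for r in reasons)
        results[user] = (score, reasons)
    return results


def flagged_users(results, threshold=5):
    return {u for u, (score, _) in results.items() if score >= threshold}


def linked_actors(user, observed):
    """Other users who touched the same targets in the window: the candidate
    'other participants' the abstract wants the engine to surface."""
    targets = {e.target for e in observed if e.user == user}
    return {e.user for e in observed if e.user != user and e.target in targets}


if __name__ == "__main__":
    profiles = build_profiles(parse_line(l) for l in BASELINE_LOGS)
    observed = [parse_line(l) for l in OBSERVED_LOGS]
    results = score_users(profiles, observed)
    for u in sorted(flagged_users(results)):
        print(u, results[u], "linked:", sorted(linked_actors(u, observed)))
```

With these inputs only alice crosses the threshold (one new host, two new actions, four off-hours events and one IDS alert), while carol, who has no baseline, scores below it on her own but is surfaced as a linked actor because she reached the same host in the same window. In a real deployment the profile would be learned over a longer window, the hours model would be per weekday, and the weights would be tuned against the organization's false-positive tolerance.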
Keywords
Cyberinfrastructure -- Security measures, information systems, data theft, malicious insiders