THERE IS NO SINGLE SOLUTION TO THE ‘INSIDER’ PROBLEM BUT THERE IS A VALUABLE WAY FORWARD

D. Bilusich, Leung Chim, Rick Nunes-Vaz, S. Lord
Risk Analysis XI, published 2018-06-06. DOI: 10.2495/RISK180121 (https://doi.org/10.2495/RISK180121). Citation count: 2 (Semantic Scholar).

Abstract
The threat posed by insiders deliberately or inadvertently misusing their knowledge and access to sensitive information is a major security challenge. Finding effective, acceptable and affordable ways to manage the insider threat is non-trivial, involving the use of controls that range from technical to procedural. To make matters worse, insider activities range from inadvertent or accidental disclosure, through deliberate damage caused by disgruntled employees, to the pre-positioned mole who may undermine the organisation’s viability or purpose. The same controls will have different levels of effectiveness for each of these insider types. Based on these factors, attempting to find a single, optimised, universal solution to insider threats is illogical. However, the literature still contains statements such as ‘deterrence is the best approach for insiders’. There are dangers for security managers in drawing broad conclusions across the insider threat spectrum based on statements like these. Insider threats typically have a distribution of incidents where there are many of small consequence coexisting with a small number of incidents with very large consequences. This suggests that risk management techniques are a relevant, and arguably the most appropriate, framework for insider management. We have developed and applied a risk-based framework to model the spectrum of insider threat types, to enable the decision maker to determine the relative security effectiveness of alternative solutions. It allows decision makers to prioritise security investment to achieve the greatest benefit-cost using residual risk as the performance metric. Our framework provides a traceable and accountable method for organisations to balance their investments in controls, according to the complex spectrum of insider activity they are dealing with. They may also extend the approach, using robust analysis, to manage their uncertainties. Our framework supports security managers in customising security for their organisation based on its unique requirements.
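The abstract makes three quantitative claims without showing the arithmetic: a heavy-tailed consequence distribution (many cheap incidents, a few ruinous ones), controls whose effectiveness differs per insider type, and investment prioritised by benefit-cost with residual risk as the metric. The sketch below is an added illustration of that reasoning, not the authors' framework, data or results. Every insider type, frequency, consequence, control, cost and effectiveness value is assumed and chosen only to make the point; the independence assumption (control effects multiply) and the greedy benefit-cost selection are simplifications of my own, not anything the paper specifies.

```python
"""Toy residual-risk model across a spectrum of insider types.

Constructed illustration (not the paper's framework or data). Residual risk
is expected annual loss left after the chosen controls; controls are ranked
by risk reduction per unit cost. All numbers are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class InsiderType:
    name: str
    frequency: float    # assumed incidents per year
    consequence: float  # assumed loss per incident, arbitrary currency units


@dataclass(frozen=True)
class Control:
    name: str
    cost: float                # assumed annual cost
    effectiveness: dict        # insider type -> fraction of its risk removed (assumed)


# Assumed spectrum: many small accidents, rare but huge mole incidents.
TYPES = [
    InsiderType("accidental disclosure", frequency=20.0, consequence=5_000.0),
    InsiderType("disgruntled employee", frequency=1.0, consequence=200_000.0),
    InsiderType("pre-positioned mole", frequency=0.02, consequence=20_000_000.0),
]

# Assumed controls: note the same control scores very differently per type.
CONTROLS = [
    Control("deterrence (monitoring + sanctions)", 50_000.0,
            {"accidental disclosure": 0.10, "disgruntled employee": 0.60, "pre-positioned mole": 0.05}),
    Control("DLP + awareness training", 40_000.0,
            {"accidental disclosure": 0.70, "disgruntled employee": 0.20, "pre-positioned mole": 0.10}),
    Control("least privilege + two-person rule on crown jewels", 120_000.0,
            {"accidental disclosure": 0.30, "disgruntled employee": 0.40, "pre-positioned mole": 0.60}),
]


def residual_risk(controls, types=TYPES):
    """Expected annual loss after `controls`; effects are assumed independent and multiply."""
    total = 0.0
    for t in types:
        remaining = 1.0
        for c in controls:
            remaining *= 1.0 - c.effectiveness.get(t.name, 0.0)
        total += t.frequency * t.consequence * remaining
    return total


def shares(types=TYPES):
    """Per type: (share of incident count, share of expected loss).

    Shows the heavy tail: the mole is a negligible fraction of incidents but
    dominates expected loss.
    """
    incidents = sum(t.frequency for t in types)
    loss = sum(t.frequency * t.consequence for t in types)
    return {t.name: (t.frequency / incidents, t.frequency * t.consequence / loss) for t in types}


def best_control_per_type(controls=CONTROLS, types=TYPES):
    """The single most effective control for each insider type.

    Demonstrates why 'control X is best for insiders' has no single answer.
    """
    return {t.name: max(controls, key=lambda c: c.effectiveness.get(t.name, 0.0)).name
            for t in types}


def prioritise(controls=CONTROLS, budget=100_000.0, types=TYPES):
    """Greedy benefit-cost selection under a budget.

    Repeatedly adds the affordable control with the largest residual-risk
    reduction per unit cost. A heuristic, not a proven optimum: returns
    (chosen control names, residual risk after them).
    """
    chosen, candidates, spent = [], list(controls), 0.0
    while True:
        current = residual_risk(chosen, types)
        best, best_ratio = None, 0.0
        for c in candidates:
            if spent + c.cost > budget:
                continue
            ratio = (current - residual_risk(chosen + [c], types)) / c.cost
            if ratio > best_ratio:
                best, best_ratio = c, ratio
        if best is None:
            return [c.name for c in chosen], current
        chosen.append(best)
        candidates.remove(best)
        spent += best.cost


if __name__ == "__main__":
    print("baseline residual risk:", residual_risk([]))
    for name, (inc, loss) in shares().items():
        print(f"{name}: {inc:.1%} of incidents, {loss:.1%} of expected loss")
    print("best single control per type:", best_control_per_type())
    print("greedy selection under 100k:", prioritise())
```

Under the assumed numbers, deterrence is the best single control against the disgruntled employee but ranks last against the mole, so a blanket "deterrence is best" would misdirect investment; the greedy pass under the 100k budget picks DLP first (highest reduction per cost) and then deterrence, while the mole's share of expected loss remains the bulk of the residual. Swapping in an organisation's own estimates, and sweeping them to see which choices are robust, is the uncertainty analysis the abstract alludes to.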