Combating the Insider Cyber Threat

Author

Greitzer, Frank L. ; Moore, Andrew P. ; Cappelli, Dawn M. ; Andrews, Dee H. ; Carroll, Lynn A. ; Hull, Thomas D.

Author_Institution

Pacific Northwest Nat. Lab., Richland

Volume

6

Issue

1

fYear

2008

Firstpage

61

Lastpage

64

Abstract

The penetration of US national security by foreign agents as well as American citizens is a historical and current reality that´s a persistent and increasing phenomenon. Surveys, such as the e-crime watch survey, reveal that current or former employees and contractors are the second greatest cybersecurity threat, exceeded only by hackers, and that the number of security incidents has increased geometrically in recent years. The insider threat is manifested when human behavior departs from compliance with established policies, regardless of whether it results from malice or a disregard for security policies. In this article, we focus on the need for effective training to raise staff awareness about insider threats and the need for organizations to adopt a more effective approach to identifying potential risks and then taking proactive steps to mitigate them.

Keywords

computer crime; government policies; national security; training; E-Crime Watch Survey; cyber threat; cybersecurity threat; hackers; insider threat; national security; security incidents; security policy; staff awareness; Computer security; Humans; Laboratories; Management training; National security; Predictive models; Research and development; Software engineering; Systems engineering education; Watches; CERT; Education; Merit Interactive; attack; insideer attack; threat mitigation; training;

fLanguage

English

Journal_Title

Security & Privacy, IEEE

Publisher

ieee

ISSN

1540-7993

Type

jour

DOI

10.1109/MSP.2008.8

Filename

4446699