• DocumentCode
    3591733
  • Title

    Towards a Realistic Risk Assessment Methodology for Insider Threats of Information Misuse

  • Author

    Bin Ahmad, Maaz ; Saeed-Ur-Rehman ; Akram, Adeel ; Asif, Muhammad

  • Author_Institution
    Dept. of Electr. & Comput. Eng., Center for Adv. Studies in Eng. (CASE), Islamabad, Pakistan
  • fYear
    2014
  • Firstpage
    176
  • Lastpage
    181
  • Abstract
    The problem of insider threats is not new to organizations and the research community. Organizations cannot afford any kind of attack on their confidential information and resources, either from insiders or outsiders. The damage done by insiders is more severe than that of external attackers due to their knowledge about the system and potential targets. It has been observed by studying previous case studies of insider attacks that insiders usually get involved in some unusual or suspicious activities prior to launching actual attacks. So observing these kinds of activities and taking proper actions in time may help to avoid such kinds of attacks. In this paper a risk assessment methodology has been presented to compute the threat levels of insiders. Appropriate actions may be taken by knowing about the threat level of each user in order to avoid actual attacks. The methodology not only incorporates technical measures but also some psychological indicators to detect insiders. The difference of this methodology from the previous ones is that it provides a practical way of quantization of risks for insider threats. The methodology is simulated in a test network against different scenarios and results showed that it efficiently categorized users according to their threat level. So it provides a base to deploy non-uniform security policies among the users, thus reducing overall processing overheads.
  • Keywords
    psychology; security of data; information misuse; insider threat; nonuniform security policy; psychological indicator; risk assessment; Computers; Distance measurement; Monitoring; Organizations; Psychology; Security; Software; Insider; Organization; Risk; psychological; threat;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Frontiers of Information Technology (FIT), 2014 12th International Conference on
  • Print_ISBN
    978-1-4799-7504-4
  • Type

    conf

  • DOI
    10.1109/FIT.2014.41
  • Filename
    7118395