Methods and Metrics for Evaluating Analytic Insider Threat Tools

Author

Greitzer, Frank L. ; Ferryman, Thomas A.

Author_Institution

PsyberAnalytix, Richland, WA, USA

fYear

2013

fDate

23-24 May 2013

Firstpage

90

Lastpage

97

Abstract

The insider threat is a prime security concern for government and industry organizations. As insider threat programs come into operational practice, there is a continuing need to assess the effectiveness of tools, methods, and data sources, which enables continual process improvement. This is particularly challenging in operational environments, where the actual number of malicious insiders in a study sample is not known. The present paper addresses the design of evaluation strategies and associated measures of effectiveness; several quantitative/statistical significance test approaches are described with examples, and a new measure, the Enrichment Ratio, is proposed and described as a means of assessing the impact of proposed tools on the organization´s operations.

Keywords

security of data; software metrics; software process improvement; analytic insider threat tool evaluation method; analytic insider threat tool evaluation metrics; continual process improvement; data sources; enrichment ratio; government organizations; industry organizations; insider threat programs; malicious insiders; quantitative significance test; statistical significance test; Data models; Measurement; Monitoring; Predictive models; Sociology; Statistics; Testing; assessment; evaluation; insider threat; metrics; validation;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy Workshops (SPW), 2013 IEEE

Conference_Location

San Francisco, CA

Print_ISBN

978-1-4799-0458-7

Type

conf

DOI

10.1109/SPW.2013.34

Filename

6565235