
Approach for Design and Implementation of Protection Measures for the Insider Threat


Abstract

Recently the international community has increased its focus on both security-by-design and the insider threat. Additionally, there is increased focus on computer/cyber security with respect to the insider threat. Historically, training for the insider threat has focused on the evaluation of insider protection measures in place at an existing facility. The evaluation methods typically assume preventive measures are appropriately implemented and are, therefore, most often concerned only with the individual with direct access to the material or material processes. More recently, documentation has been written on best, or worst, practices for protecting against the insider threat. However, little attention has been given to the design and implementation of preventive and protective measures, which, as an important factor in Security by Design, are important aspects to consider in the early phases of the physical protection system design. This paper will provide a proposed framework and approach for the design and implementation of protection against the insider. The framework for the design and implementation will effectively define the Insider Mitigation Program, a recommended part of the overall Security Plan. The Program would be based on stated principles (based on a State's regulatory requirements) and would be further defined by the site-specific policies and procedures. The policies and procedures effectively evolve throughout the security design as design constraints are identified. The proposed approach applies the framework to the design and implementation of the various known insider protection measures and will place emphasis on how access is authorized and applied to individuals. The paper will provide examples and will also address the evaluation of the effectiveness of measures that are often assumed to minimize potential insider actions.

Bibliographic record

  • Source
    《》 | 2015 | 394-401 | 8 pages in total
  • Author

    Carol Scharmer;

  • Original format: PDF