A Security Architecture to Protect against the Insider Threat from Damage, Fraud and Theft

摘要

The insider threat poses a significant and increasing problem for organizations. This is shown by the regular stories of fraud and data loss reported daily in the media in the US and elsewhere. There is a need to provide systematic protection from insider attacks because of their privileged access. We have developed a three-layer security architecture containing the physical, logical and social levels that we use to analyze the insider threat holistically to prevent, detect and recover from attacks. We examine destructive insider attacks, but the same analysis can be straightforwardly applied to the other main classes of insider threat from financial fraud and information theft. Our practical security model appears to have widespread application to other problem domains such as critical infrastructure and financial systems, as it allows the analysis of systems in their entirety including human and physical factors, not just as technical systems.