This paper presents a model for insider threat mitigation. While many of the existing insider threat models concentrate on watching insiders' activities for any misbehavior, we believe that considering the insider himself/herself as a basic entity before looking into his/her activities will be more effective. In this paper, we presented an approach that relies on ontology to extract knowledge from an object. This represents expected knowledge that an insider might gain by accessing that object. We then utilized this information to build a model for insider threat mitigation which ensures that only knowledge units that are related to the insider's domain of access or his/her assigned tasks will be allowed to be accessed by such insiders.
展开▼