Development of a Methodology for Customizing Insider Threat Auditing on a Microsoft Windows XP Operating System

摘要

Most organizations are aware that threats from trusted insiders pose a great risk to their organization and are very difficult to protect against. Auditing is recognized as an effective technique to detect malicious insider activities. However, current auditing methods are typically applied with a one- size-fits-all approach and may not be an appropriate mitigation strategy, especially towards insider threats. This research develops a 4-step methodology for designing a customized auditing template for a Microsoft Windows XP operating system. Two tailoring methods are presented which evaluate both by category and by configuration. Also developed are various metrics and weighting factors as a mechanism to evaluate auditing effectiveness for the purpose of optimizing the template according to organizational security requirements. Various industry standard auditing templates are evaluated against a custom designed template. Results indicate that a customized auditing template tailored for an insider threat scenario is more effective at detecting insider malicious activities.