Framework for Minimizing Critical Information Infrastructure Threats from Insiders

Bibliographic Details
Main Author: AL KATHEERI, AHMED OMAR (author)
Published: 2017-10
Publisher: The British University in Dubai (BUiD)
Type: Thesis
Format: application/pdf
Language: en
Identifier: 2014146144
Subjects: Cyberinfrastructure -- Security measures; information systems; data theft; malicious insiders
Added to repository: 2019-02-11
Online Access: https://bspace.buid.ac.ae/handle/1234/1299
Description
Malicious insiders pose unique security challenges to organizations because of their knowledge, capabilities, and authorized access to information systems. Data theft and IT sabotage are two of the most recurring themes among crimes committed by malicious insiders. This research aims at investigating the scale and scope of the risks from malicious insiders' activities and exploring the impact of such threats on business operations. The developed framework targets minimization of insider threats by profiling user activities using information from the log files of the several components participating in these activities, such as IDS, IPS, firewalls, network devices, server hosts and workstations. Malicious activities potentially leave suspicious patterns and references to users, which can be used to infer the main actor or actors and mitigate the threat before it actually materializes. The analytical backbone of the framework can be built upon Actor Network Theory. Organizations need to implement multi-layered defensive approaches to combat insider risks; safeguarding sensitive business information from malicious insiders requires an effective security framework that can identify the members of the malicious group involved and predict their offensive intentions, which otherwise remain something like a black box. To open this black box and explore the intentions of the insiders, the framework developed here relies on two different security technologies: Security Information Event Management (SIEM) and User Behavior Analytics (UBA). These allow extracting data from the logs of different entities and analyzing them to separate malicious activities from non-malicious ones on the basis of the User Security Profile (USP). In addition, the security engine must allow formulating different hypotheses, with varying degrees of flexibility, to address the security requirements, and must be able to identify the main actor and the other participants from the analyzed information.
Organizations need to implement multi-layered defensive approaches to combat insider risks. First, safeguarding sensitive business information from malicious insiders requires an effective security policy that widely communicates the consequences of stealing or leaking confidential information in an unauthorized manner. Secondly, logging and monitoring employee activity is essential in detecting and controlling system vulnerabilities. Thirdly, conducting periodic and consistent vulnerability assessments is critical to identify any gaps in security controls and to prevent insiders from exploiting them. And last, but certainly not least, taking extra caution when dealing with privileged users is important to proactively protect the information infrastructure from insider risks.