Case Studies of an Insider Framework
- Author(s): Bishop, M
- Engle, Sophie
- Peisert, Sean
- Whalen, Sean
- Gates, Carrie
- et al.
Published Web Locationhttp://doi.ieeecomputersociety.org/10.1109/HICSS.2009.617
Many groups are interested in the insider threat problem, but the model generally used by all of these groups is implicitly binary—one is either within a perimeter or not. There is another model, however, that employs a graduated approach to defining insiders. This approach gives greater flexibility for considering many threats that are not traditionally captured by a model, such as the impact of social engineering attacks. This new definition enables more accurate and useful security policies to be implemented so that well-defined insiders can be deterred, detected, and analyzed. We examine the flexibility of this model in this paper through case studies, showing how the model captures both traditional insiders and social engineering attacks.