Low Cost Technical Solutions to Jump Start an Insider Threat Program

Abstract

Any information security initiative within an organization typically involves a set of tools to help the initiative succeed. These initiatives may be faced with tight budgets limiting funds that can be spent on hardware and software. Insider threat programs (InTP) are no different. These programs need to have tools that can be used to help combat the threat. Insider threat programs should consider five different classes of tools to help prevent, detect, and respond to malicious insiders. The minimum classes of tools that are needed for an effective program include the following: (1) user activity monitoring (UAM), (2) data loss prevention (DLP), (3) security information and event management (SIEM), (4) analytics, and (5) digital forensics. Commercial tools are available in all of these categories. However, they are typically geared toward large enterprises, with purchase prices and implementation costs that are out of reach for many smaller organizations. This creates a barrier and a deterrent for many organizations that need to implement an InTP.

Document Details

Document Type
Technical Report
Publication Date
May 11, 2016
Accession Number
AD1045006

Entities

People

  • Daniel L. Costa
  • Derrick L. Spooner
  • George J. Silowash
  • Michael J. Albrethsen

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Autonomy
  • Cyber
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Application Software
  • Commerce
  • Computational Forensics
  • Computer Network Security
  • Computer Programming
  • Computers
  • Cybersecurity
  • Databases
  • Information Security
  • Insider Threats
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Operating Systems
  • Security
  • Software Development
  • Web Browsers

Readers

  • Applied Combinatorial Optimization and Logic Circuit Design.
  • Cybersecurity.
  • Defense Acquisition Program Management