Development of a Malicious Insider Composite Vulnerability Assessment Methodology

Abstract

Trusted employees pose a major threat to information systems. Despite advances in prevention, detection, and response techniques, the number of malicious insider incidents and their associated costs have yet to decline. There are very few vulnerability and impact models capable of providing information owners with the ability to comprehensively assess the effectiveness an organization's malicious insider mitigation strategies. This research uses a multi-dimensional approach: content analysis, attack tree framework, and an intent driven taxonomy model are used to develop a malicious insider Decision Support System (DSS) tool. The DSS tool's utility and applicability is demonstrated using a notional example. This research gives information owners data to more appropriately allocate scarce security resources.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2006
Accession Number
ADA453929

Entities

People

  • William H. King

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Application Protocols
  • Computer Crime
  • Computers
  • Cybersecurity
  • Decision Support Systems
  • Detection
  • Electronic Mail
  • Graphical User Interface
  • Information Security
  • Information Systems
  • National Security
  • Risk Analysis
  • Security
  • Security Personnel
  • Spreadsheet Software
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Systems Analysis and Design