Insider Threat Security Reference Architecture

Abstract

The Insider Threat Security Reference Architecture (ITSRA) provides an enterprise-wide solution to insider threat. The architecture consists of four security layers: Business, Information, Data, and Application. Organizations should deploy and enforce controls at each layer to address insider attacks. None of the layers function in isolation or independently of other layers. Rather, the correlation of indicators and application of controls across all four layers form the crux of this approach. Empirical data consisting of more than 700 cases of insider crimes show that insider attacks proved successful in inflicting damage when an organization failed to implement adequate controls in any of three security principles: authorized access, acceptable use, and continuous monitoring. The ITSRA draws from existing best practices and standards as well as from analysis of these cases to provide actionable guidance for organizations to improve their posture against the insider threat.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Apr 01, 2012
Accession Number
ADA609926

Entities

People

  • Andrew Moore
  • Joji Montelibano

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Weapons Technologies

DTIC Thesaurus Topics

  • Authentication
  • Best Practices
  • Commerce
  • Computer Programs
  • Detection
  • Employment
  • Engineering
  • Information Security
  • Information Systems
  • Insider Threats
  • Intellectual Property
  • Intrusion Detection
  • Operating Systems
  • Personnel Management
  • Security
  • Software Development
  • Standards

Fields of Study

  • Computer science

Readers

  • Calculus or Mathematical Analysis
  • Cybersecurity.
  • Military History / Militaries and War Studies