Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage

Abstract

This paper describes the development and proposed application of a Security Information and Event Management (SIEM) signature to detect possible malicious insider activity leading to IT sabotage. In the absence of a single standardized event logging format, the paper presents the signature in two of the most visible public formats, Common Event Framework (CEF) and Common Event Expression (CEE). Because of the limitations of these formats, the SIEM described in this paper employs an operational version of the proposed signature in an ArcSight environment.

Document Details

Document Type
Technical Report
Publication Date
Apr 01, 2011
Accession Number
ADA636508

Entities

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Crime
  • Department Of Homeland Security
  • Engineering
  • Homeland Security
  • Information Systems
  • Insider Threats
  • Intellectual Property
  • Law
  • Network Protocols
  • Personnel Management
  • Precursors
  • Sabotage
  • Security
  • Security Personnel
  • Software Development
  • Standards
  • Threats

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Database Systems and Applications