Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 5 of 5
Full-Text Articles in Entire DC Network
Mitigating Insider Threat Using Human Behavior Influence Models, Anthony J. Puleo
Mitigating Insider Threat Using Human Behavior Influence Models, Anthony J. Puleo
Theses and Dissertations
Insider threat is rapidly becoming the largest information security problem that organizations face. With large numbers of personnel having access to internal systems, it is becoming increasingly difficult to protect organizations from malicious insiders. The typical methods of mitigating insider threat are simply not working, primarily because this threat is a people problem, and most mitigation strategies are geared towards profiling and anomaly detection, which are problematic at best. As a result, a new type of model is proposed in this thesis, one that incorporates risk management with human behavioral science. The new risk-based model focuses on observable influences that …
Development Of A Malicious Insider Composite Vulnerability Assessment Methodology, William H. King
Development Of A Malicious Insider Composite Vulnerability Assessment Methodology, William H. King
Theses and Dissertations
Trusted employees pose a major threat to information systems. Despite advances in prevention, detection, and response techniques, the number of malicious insider incidents and their associated costs have yet to decline. There are very few vulnerability and impact models capable of providing information owners with the ability to comprehensively assess the effectiveness an organization's malicious insider mitigation strategies. This research uses a multi-dimensional approach: content analysis, attack tree framework, and an intent driven taxonomy model are used to develop a malicious insider Decision Support System (DSS) tool. The DSS tool's utility and applicability is demonstrated using a notional example. This …
An Interactive Relaxation Approach For Anomaly Detection And Preventive Measures In Computer Networks, Garrick A. Bell
An Interactive Relaxation Approach For Anomaly Detection And Preventive Measures In Computer Networks, Garrick A. Bell
Theses and Dissertations
It is proposed to develop a framework of detecting and analyzing small and widespread changes in specific dynamic characteristics of several nodes. The characteristics are locally measured at each node in a large network of computers and analyzed using a computational paradigm known as the Relaxation technique. The goal is to be able to detect the onset of a worm or virus as it originates, spreads-out, attacks and disables the entire network. Currently, selective disabling of one or more features across an entire subnet, e.g. firewalls, provides limited security and keeps us from designing high performance net-centric systems. The most …
Factors Impacting Key Management Effectiveness In Secured Wireless Networks, Yongjoo Shin
Factors Impacting Key Management Effectiveness In Secured Wireless Networks, Yongjoo Shin
Theses and Dissertations
The use of a Public Key Infrastructure (PKI) offers a cryptographic solution that can overcome many, but not all, of the MANET security problems. One of the most critical aspects of a PKI system is how well it implements Key Management. Key Management deals with key generation, key storage, key distribution, key updating, key revocation, and certificate service in accordance with security policies over the lifecycle of the cryptography. The approach supported by traditional PKI works well in fixed wired networks, but it may not appropriate for MANET due to the lack of fixed infrastructure to support the PKI. This …
Formal Mitigation Strategies For The Insider Threat: A Security Model And Risk Analysis Framework, Jonathan W. Butts
Formal Mitigation Strategies For The Insider Threat: A Security Model And Risk Analysis Framework, Jonathan W. Butts
Theses and Dissertations
The advancement of technology and reliance on information systems have fostered an environment of sharing and trust. The rapid growth and dependence on these systems, however, creates an increased risk associated with the insider threat. The insider threat is one of the most challenging problems facing the security of information systems because the insider already has capabilities within the system. Despite research efforts to prevent and detect insiders, organizations remain susceptible to this threat because of inadequate security policies and a willingness of some individuals to betray their organization. To investigate these issues, a formal security model and risk analysis …