Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 4 of 4
Full-Text Articles in Engineering
Mitigating Insider Threat Using Human Behavior Influence Models, Anthony J. Puleo
Mitigating Insider Threat Using Human Behavior Influence Models, Anthony J. Puleo
Theses and Dissertations
Insider threat is rapidly becoming the largest information security problem that organizations face. With large numbers of personnel having access to internal systems, it is becoming increasingly difficult to protect organizations from malicious insiders. The typical methods of mitigating insider threat are simply not working, primarily because this threat is a people problem, and most mitigation strategies are geared towards profiling and anomaly detection, which are problematic at best. As a result, a new type of model is proposed in this thesis, one that incorporates risk management with human behavioral science. The new risk-based model focuses on observable influences that …
Formal Mitigation Strategies For The Insider Threat: A Security Model And Risk Analysis Framework, Jonathan W. Butts
Formal Mitigation Strategies For The Insider Threat: A Security Model And Risk Analysis Framework, Jonathan W. Butts
Theses and Dissertations
The advancement of technology and reliance on information systems have fostered an environment of sharing and trust. The rapid growth and dependence on these systems, however, creates an increased risk associated with the insider threat. The insider threat is one of the most challenging problems facing the security of information systems because the insider already has capabilities within the system. Despite research efforts to prevent and detect insiders, organizations remain susceptible to this threat because of inadequate security policies and a willingness of some individuals to betray their organization. To investigate these issues, a formal security model and risk analysis …
An Historical Analysis Of Factors Contributing To The Emergence Of The Intrusion Detection Discipline And Its Role In Information Assurance, James L.M. Hart
An Historical Analysis Of Factors Contributing To The Emergence Of The Intrusion Detection Discipline And Its Role In Information Assurance, James L.M. Hart
Theses and Dissertations
In 2003, Gartner, Inc., predicted the inevitable demise of the intrusion detection (ID) market, a major player in the computer security technology industry. In light of this prediction, IT executives need to know if intrusion detection technologies serve a strategic purpose within the framework of information assurance (IA). This research investigated the historical background and circumstances that led to the birth of the intrusion detection field and explored the evolution of the discipline through current research in order to identify appropriate roles for IDS technology within an information assurance framework. The research identified factors contributing to the birth of ID …
Analyzing And Improving Stochastic Network Security: A Multicriteria Prescriptive Risk Analysis Model, David L. Lyle
Analyzing And Improving Stochastic Network Security: A Multicriteria Prescriptive Risk Analysis Model, David L. Lyle
Theses and Dissertations
This research optimized two measures of network security by hardening components and improving their reliability. A common measure of effectiveness (MOE) for networks is statistical reliability, which ignores the effects of hostile actions. A new MOE which includes hostile actions was developed. Both measures require component reliability functions, derived using fault trees. Fuzzy Logic and Monte Carlo simulation were used to quantify uncertainty. Results from the model are compared to traditional Risk Assessment results.