Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 6 of 6
Full-Text Articles in Computer Sciences
Creating Network Attack Priority Lists By Analyzing Email Traffic Using Predefined Profiles, Eric J. Merrit
Creating Network Attack Priority Lists By Analyzing Email Traffic Using Predefined Profiles, Eric J. Merrit
Theses and Dissertations
Networks can be vast and complicated entities consisting of both servers and workstations that contain information sought by attackers. Searching for specific data in a large network can be a time consuming process. Vast amounts of data either passes through or is stored by various servers on the network. However, intermediate work products are often kept solely on workstations. Potential high value targets can be passively identified by comparing user email traffic against predefined profiles. This method provides a potentially smaller footprint on target systems, less human interaction, and increased efficiency of attackers. Collecting user email traffic and comparing each …
Establishing The Human Firewall: Reducing An Individual's Vulnerability To Social Engineering Attacks, Jamison W. Scheeres
Establishing The Human Firewall: Reducing An Individual's Vulnerability To Social Engineering Attacks, Jamison W. Scheeres
Theses and Dissertations
Hackers frequently use social engineering attacks to gain a foothold into a target network. This type of attack is a tremendous challenge to defend against, as the weakness lies in the human users, not in the technology. Thus far, methods for dealing with this threat have included establishing better security policies and educating users on the threat that exists. Existing techniques aren’t working as evidenced by the fact that auditing agencies consider it a given that will be able to gain access via social engineering. The purpose of this research is to propose a better method of reducing an individual’s …
Development Of A Malicious Insider Composite Vulnerability Assessment Methodology, William H. King
Development Of A Malicious Insider Composite Vulnerability Assessment Methodology, William H. King
Theses and Dissertations
Trusted employees pose a major threat to information systems. Despite advances in prevention, detection, and response techniques, the number of malicious insider incidents and their associated costs have yet to decline. There are very few vulnerability and impact models capable of providing information owners with the ability to comprehensively assess the effectiveness an organization's malicious insider mitigation strategies. This research uses a multi-dimensional approach: content analysis, attack tree framework, and an intent driven taxonomy model are used to develop a malicious insider Decision Support System (DSS) tool. The DSS tool's utility and applicability is demonstrated using a notional example. This …
Development Of A Methodology For Customizing Insider Threat Auditing On A Microsoft Windows Xp® Operating System, Terry E. Levoy
Development Of A Methodology For Customizing Insider Threat Auditing On A Microsoft Windows Xp® Operating System, Terry E. Levoy
Theses and Dissertations
Most organizations are aware that threats from trusted insiders pose a great risk to their organization and are very difficult to protect against. Auditing is recognized as an effective technique to detect malicious insider activities. However, current auditing methods are typically applied with a one-size-fits-all approach and may not be an appropriate mitigation strategy, especially towards insider threats. This research develops a 4-step methodology for designing a customized auditing template for a Microsoft Windows XP operating system. Two tailoring methods are presented which evaluate both by category and by configuration. Also developed are various metrics and weighting factors as a …
Mitigating Insider Threat Using Human Behavior Influence Models, Anthony J. Puleo
Mitigating Insider Threat Using Human Behavior Influence Models, Anthony J. Puleo
Theses and Dissertations
Insider threat is rapidly becoming the largest information security problem that organizations face. With large numbers of personnel having access to internal systems, it is becoming increasingly difficult to protect organizations from malicious insiders. The typical methods of mitigating insider threat are simply not working, primarily because this threat is a people problem, and most mitigation strategies are geared towards profiling and anomaly detection, which are problematic at best. As a result, a new type of model is proposed in this thesis, one that incorporates risk management with human behavioral science. The new risk-based model focuses on observable influences that …
Detecting Potential Insider Threats Through Email Datamining, James S. Okolica
Detecting Potential Insider Threats Through Email Datamining, James S. Okolica
Theses and Dissertations
No abstract provided.