Document Information
Understanding the Insider Threat
Proceedings of a March 2004 Workshop
Perhaps the greatest threat that the intelligence community (IC) must address in the area of information assurance is the “insider threat”-malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems. This document reports the results of a workshop that brought together IC members with specific knowledge of IC document management systems and IC business practices; persons with knowledge of insider attackers, both within and outside the IC; and researchers involved in developing technology to counter insider threats. Plenary and breakout sessions discussed various aspects of the problem, including intelligence community system models, vulnerabilities and exploits, attacker models, and event characterization. Participants listed the following challenges: defining an effective way of monitoring what people do with their cyber access; developing policies and procedures to create as bright a line as possible between allowed and disallowed behaviors; considering sociological and psychological factors and creating better cooperation between information systems personnel and human resources personnel; and combining events from one or more sensors (possibly of various types or different levels of abstraction) to facilitate building systems that test hypotheses about malicious insider activity. Workshop members also considered what databases would aid in this research if they were available.
Support RAND Research — Buy This Product!
Paperback Cover Price: $35.00
Discounted Web Price: $31.50
Pages: 136
ISBN/EAN: 0-8330-3680-7
Special 40% savings will be applied at checkout
Free, downloadable PDF file(s) are available below.
RAND makes an electronic version of this document available for free as a public service. If you find this information valuable, please consider purchasing a paper copy of the full document to help support RAND research.
Use Adobe Acrobat Reader version 7.0 or higher for the best experience.
Contents
Chapter One:
Introduction
Chapter Two:
IC System Models
Chapter Three:
Vulnerabilities and Exploits
Chapter Four:
Attacker Models
Chapter Five:
Event Characterization
Appendix A:
Workshop Invitation
Appendix B:
Workshop Agenda
Appendix C:
Links to Read-Ahead Materials
Appendix D:
Workshop Participants
Appendix E:
Presentation: The Robert Hanssen Case: An Example of the Insider Threat to Sensitive U.S. Information Systems
Appendix F:
Presentation: Overview of the Results of a Recent ARDA Workshop on Cyber Indications and Warning
Appendix G:
Presentation: Intelink Factoids
Appendix H:
Presentation: Glass Box Analysis Project
Appendix I:
Presentation: Interacting with Information: Novel Intelligence from Massive Data
The work described here was conducted in the RAND National Security Research Division, which conducts research and analysis for the Office of the Secretary of Defense, the Joint Staff, the Unified Commands, the defence agencies, the Department of the Navy, the U.S. intelligence community, allied foreign governments, and foundations. These proceedings were supported by the advanced information research area in the Advanced Research and Development Activity within the U.S. intelligence community.
This product is part of the RAND Corporation conference proceedings series. RAND conference proceedings present a collection of papers delivered at a conference or a summary of the conference. The material herein has been vetted by the conference attendees and both the introduction and the post-conference material have been reviewed and approved for publication by the sponsoring research unit at RAND.
Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.
The RAND Corporation is a nonprofit research organization providing objective analysis and effective solutions that address the challenges facing the public and private sectors around the world. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.
* RAND research is conducted across divisions, centers, and projects; these organizational components are represented in the "Related RAND Divisions" section above.
Top
RAND® is a registered trademark. Copyright © 1994-2008 RAND Corporation. 