Research on Mitigating the Insider Threat to Information Systems - #2: Proceedings of a Workshop Held August, 2000
Jan 1, 2000
It is widely acknowledged that "insider misuse" is one of the major threats to (and obstacles to achieving) defense information system security. To combat such misuse, the Office of the Assistant Secretary of Defense (Command, Control, Communications, and Information) has requested that workshops be conducted to develop recommendations on mitigating insider threats and reducing information system vulnerabilities. These conference proceedings report on one such workshop, which included input from military officials, researchers, and industry participants. The workshop's main purpose was to propose technical research initiatives regarding how to identify threats and vulnerabilities, how to prevent such threats through security controls, how to detect that misuse has occurred, and how best to respond to such misuse. The workshop participants also identified the need for policies and procedures including (1) a clear definition of "insider," (2) guidance from legal and law enforcement communities regarding the attribution, collection, maintenance, processing, and storage of data to permit proper forensic analysis and trails that lead to appropriate legal prosecution, (3) cost/benefit analyses that will help determine the true value of new security procedures, (4) technology transfer plans, and (5) support for multiple, diverse, concurrent security approaches.