Research and Development Initiatives Focused on Preventing, Detecting, and Responding to Insider Misuse of Critical Defense Information Systems
ResearchPublished 1999
ResearchPublished 1999
It is widely acknowledged that "insider misuse" is one of the major threats to (and obstacles to achieving) defense information system security. To combat such misuse, the Office of the Assistant Secretary of Defense (Command, Control, Communications, and Information) has requested that workshops be conducted to develop recommendations on mitigating insider threats and reducing information system vulnerabilities. These conference proceedings report on one such workshop, which included input from military officials, researchers, and industry participants. The workshop's main purpose was to propose technical research initiatives regarding how to identify threats and vulnerabilities, how to prevent such threats through security controls, how to detect that misuse has occurred, and how best to respond to such misuse. The workshop participants also identified the need for policies and procedures including (1) a clear definition of "insider," (2) guidance from legal and law enforcement communities regarding the attribution, collection, maintenance, processing, and storage of data to permit proper forensic analysis and trails that lead to appropriate legal prosecution, (3) cost/benefit analyses that will help determine the true value of new security procedures, (4) technology transfer plans, and (5) support for multiple, diverse, concurrent security approaches.
This workshop was cosponsored by RAND's National Security Research Division.
This publication is part of the RAND conference proceeding series. Conference proceedings present a collection of papers delivered at a conference or a summary of the conference.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.