Research on Mitigating the Insider Threat to Information Systems - #2

Proceedings of a Workshop Held August, 2000

by Robert H. Anderson, Thomas Bozek, Tom Longstaff, Wayne Meitzler, Michael Skroch, Ken Van Wyk



Print edition: paperback, 134 pages; list price $35.00, web price $28.00 (20% web discount).

This is the second in a series of conference reports on the topic of R&D initiatives to mitigate and thwart the insider threat to critical U.S. defense and infrastructure information systems. (The first conference, held August 1999, is reported on in RAND/CF-151-OSD.) This August 2000 workshop's three main focus areas were long-term (2-5 year) research challenges and goals toward mitigating the insider threat; developing insider threat models; and developing near-term solutions using commercial off-the-shelf (COTS) and government off-the-shelf (GOTS) products. The long-term research recommendations stressed the need to develop an underlying system architecture designed explicitly with security and survivability in mind (unlike essentially all operating systems and network architectures in use today). Other topics included R&D needed on differential access controls, means of recording and saving the provenance of a digital document, and dealing with the increasing use of mobile code (e.g., in the form of applets, viruses, worms, or macros) in complex information systems. The report also contains a number of recommendations regarding the purposes and design of models of insider behavior, and near-term recommendations for helping to prevent, discover, and mitigate the threat of insider misuse of information systems.

Table of Contents

  • Preface

  • Figures

    Figures and Tables

  • Summary

  • Symbols

    List of Symbols

  • Chapter 1


  • Chapter 2

    Long-Term (2-5 Yr.) Research Challenges and Goals

  • Chapter 3

    Insider Threat Models

  • Chapter 4

    Near-Term Solutions

  • Chapter 5

    Concluding Remarks

  • Appendix A

    An Insider Threat Model for Model Adversaries

  • Appendix B

    An Insider Threat Model for Adversary Simulation

  • Appendix C

    Modeling Behavior of the Cyber-Terrorist

  • Appendix D

    Can Technology Reduce the Insider Threat?

  • Appendix E

    The Insider Threat to Information Systems

  • Appendix F

    The Insider Espionage Threat

  • Appendix G

    Insider Threat - A Theoretical Model

  • Appendix H

    Information Assurance Cyberecology

  • Chapter I

    Workshop Agenda

  • Appendix J

    Workshop Participants

  • References

The study was under the auspices of RAND's National Security Research Division.

This report is part of the RAND Corporation Conference proceeding series. RAND conference proceedings present a collection of papers delivered at a conference or a summary of the conference.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.