Download eBook for Free

Full Document

FormatFile SizeNotes
PDF file 3.8 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

Summary Only

FormatFile SizeNotes
PDF file 0.2 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.


Purchase Print Copy

 Format Price
Add to Cart Paperback136 pages $35.00

Perhaps the greatest threat that the intelligence community (IC) must address in the area of information assurance is the “insider threat”-malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems. This document reports the results of a workshop that brought together IC members with specific knowledge of IC document management systems and IC business practices; persons with knowledge of insider attackers, both within and outside the IC; and researchers involved in developing technology to counter insider threats. Plenary and breakout sessions discussed various aspects of the problem, including intelligence community system models, vulnerabilities and exploits, attacker models, and event characterization. Participants listed the following challenges: defining an effective way of monitoring what people do with their cyber access; developing policies and procedures to create as bright a line as possible between allowed and disallowed behaviors; considering sociological and psychological factors and creating better cooperation between information systems personnel and human resources personnel; and combining events from one or more sensors (possibly of various types or different levels of abstraction) to facilitate building systems that test hypotheses about malicious insider activity. Workshop members also considered what databases would aid in this research if they were available.

The work described here was conducted in the RAND National Security Research Division, which conducts research and analysis for the Office of the Secretary of Defense, the Joint Staff, the Unified Commands, the defence agencies, the Department of the Navy, the U.S. intelligence community, allied foreign governments, and foundations. These proceedings were supported by the advanced information research area in the Advanced Research and Development Activity within the U.S. intelligence community.

This report is part of the RAND conference proceeding series. RAND conference proceedings present a collection of papers delivered at a conference or a summary of the conference.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.