Manas Kumar Yogi
- Assistant Professor Department of Computer Science & Engineering, Pragati Engineering College (A), Surampalem Andhra Pradesh India
Abstract
Designing a novel insider threat model is a critical imperative in the realm of cybersecurity. As organizations face an ever-expanding threat landscape, insider threats, whether deliberate or inadvertent, present a formidable challenge to the safeguarding of sensitive data and critical assets. This abstract encapsulates the significance, challenges, and innovations inherent in crafting an effective insider threat model for enhanced cybersecurity. The necessity for novel insider threat models arises from the recognition that traditional security measures often overlook the dangers posed by trusted insiders. This paper explores the multifaceted domain of designing such models, emphasizing their proactive nature and adaptability to evolving security threats. The complexities of this endeavor are magnified by several challenges, ranging from acquiring high-quality data and maintaining compliance with privacy regulations to addressing false positives and combating evolving attack vectors. Additionally, the model’s efficacy depends on a deep understanding of contextual information, user behavior profiling, and the ability to differentiate between normal and anomalous activities. It also requires striking a delicate balance between security and privacy, respecting ethical and legal standards while gaining the trust of employees and stakeholders. Innovations in insider threat modeling encompasses a comprehensive approach, integrating advanced machine learning algorithms, user and entity behavior analytics, and adaptive learning to create a dynamic defense against insider threats. This paper underscores the necessity of continuous improvement, collaboration between experts from diverse domains, and awareness of evolving threats and best practices.
Keywords: Insider threat, cybersecurity, privacy, malicious, threat model, safeguard
[This article belongs to International Journal of Information Security Engineering(ijise)]
References
Anderson R. Security Engineering: A Guide to Building Dependable Distributed Systems. New York, NY, USA: John Wiley & Sons; 2020.
Swinhoe D. What is an insider threat? 7 warning signs to watch for. CSO Online. December 3, 2018. Available at https://www.csoonline.com/article/566603/what-is-an-insider-threat-7-warning-signs-to-watch-for.html
Chan TK, Chin CS, Chen H, Zhong X. A comprehensive review of driver behavior analysis utilizing smartphones. IEEE Trans Intell Transport Syst. 2019; 21 (10): 4444–4475.
Keeney M, Kowalski E, Cappelli D, Moore A, Shimeall T, Rogers S. Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors. Washington, DC, USA: United States Secret Service; 2005.
Nicolaou A, Shiaeles S, Savage N. Mitigating insider threats using bio-inspired models. Appl Sci. 2020; 10 (15): 5046.
Shafiullah M, Refat AM, Haque ME, Chowdhury DM, Hossain MS, Alharbi AG, Alam MS, Ali A, Hossain S. Review of recent developments in microgrid energy management strategies. Sustainability. 2022; 14 (22): 14794.
Spitzner L. Honeypots: Tracking Hackers. Reading, MA, USA: Addison-Wesley; 2003.
Al-Mhiqani MN, Ahmad R, Abidin ZZ, Abdulkareem KH, Mohammed MA, Gupta D, Shankar K. A new intelligent multilayer framework for insider threat detection. Computers Electric Eng. 2022; 97: 107597.
Force JT. Security and Privacy Controls for Information Systems and Organizations. Gaithersburg, MD, USA: National Institute of Standards and Technology; 2017.
Verkijika SF, De Wet L. E-government adoption in sub-Saharan Africa. Electron Commerce Res Appl. 2018; 30: 83–93.
| Volume | 01 |
| Issue | 02 |
| Received | October 29, 2023 |
| Accepted | November 27, 2023 |
| Published | December 30, 2023 |