Sciweavers

FC
2009
Springer

Mitigating Inadvertent Insider Threats with Incentives

14 years 6 months ago
Mitigating Inadvertent Insider Threats with Incentives
Inadvertent insiders are trusted insiders who do not have malicious intent (as with malicious insiders) but do not responsibly managing security. The result is often enabling a malicious outsider to use the privileges of the inattentive insider to implement an insider attack. This risk is as old as conversion of a weak user password into root access, but the term inadvertent insider is recently coined to identify the link between the behavior and the vulnerability. In this paper, we propose to mitigate this threat using a novel risk budget mechanism that offers incentives to an insider to behave according to the risk posture set by the organization. We propose assigning an insider a risk budget, which is a specific allocation of risk points, allowing employees to take a finite number of risk-seeking choice. In this way, the employee can complete her tasks without subverting the security system, as with absolute prohibitions. In the end, the organization penalizes the insider if she f...
Debin Liu, XiaoFeng Wang, L. Jean Camp
Added 26 May 2010
Updated 26 May 2010
Type Conference
Year 2009
Where FC
Authors Debin Liu, XiaoFeng Wang, L. Jean Camp
Comments (0)