Sciweavers

ACSAC
2004
IEEE

Security Policies to Mitigate Insider Threat in the Document Control Domain

14 years 4 months ago
Security Policies to Mitigate Insider Threat in the Document Control Domain
With rapid advances in online technologies, organizations are migrating from paper based resources to digital documents to achieve high responsiveness and ease of management. These digital documents are the most important asset of an organization and are hence the chief target of insider abuse. Security policies provide the first step to prevent abuse by defining proper and improper usage of resources. Coarse grained security policies that operate on the "principle of least privilege" [1] alone are not enough to address the insider threat, since the typical insider possesses a wide range of privileges to start with. In this paper, we propose a security policy that is tailored to prevent insider abuse. We define the concept of subject, object, actions, rights, context and information flow as applicable to the document control domain. Access is allowed based on the principles of "least privilege and minimum requirements", subject to certain constraints. Unlike existi...
Suranjan Pramanik, Vidyaraman Sankaranarayanan, Sh
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2004
Where ACSAC
Authors Suranjan Pramanik, Vidyaraman Sankaranarayanan, Shambhu J. Upadhyaya
Comments (0)