A Study on Analyzing Risk Scenarios About Vulnerabilities of Security Monitoring System: Focused on Information Leakage by Insider

  • Kunwoo Kim
  • Jungduk KimEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11402)


Information leakage by insider results in financial losses and ethical issues, thus affects business sustainability as well as corporate reputation. In Korea, information leakage by insiders occupies about 80% of the security incidents. Most companies are establishing preventive and prohibited security policies. Nevertheless, security incidents are unceasing. Such restrictive security policies inhibit work efficiency or make employees recognize security negatively. Due to these problems, the rapid detection capability of leakage signs is required. To detect the signs of information leakage, security monitoring is an essential activity. This study is an exploratory case study that analyzed the current state of security monitoring operated by three companies in Korea and provides some risk scenarios about information leakage. For the case analysis, this study collected each company’s security policy, systems linked with security monitoring system, and system log used. As a result, this study identified vulnerabilities that were difficult to be detected with the current security monitoring system, and drew 4 risk scenarios that were likely to occur in the future. The results of this study will be useful for the companies that are planning to establish effective security monitoring system.


Insider threat Information leakage Security monitoring 



This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2018-2014-1-00636) supervised by the IITP (Institute for Information & communications Technology Promotion).


  1. 1.
    Garrison, C.P., Ncube, M.: A longitudinal analysis of data breaches. Inf. Manag. Comput. Secur. 19(4), 216–230 (2011). Scholar
  2. 2.
    Chang, H.B.: A study on the countermeasure by the types through case analysis of industrial secret leakage accident. J. Inf. Secur. 15(7), 39–45 (2015)Google Scholar
  3. 3.
    Scholtz, T.: Consider a people-centric security strategy (2013). Gartner G00249357Google Scholar
  4. 4.
    Barnes, D.J., Hernandez-Castro, J.: On the limits of engine analysis for cheating detection in Chess. Comput. Secur. 48, 58–73 (2015). Scholar
  5. 5.
    Cho, S.K., Jun, M.S.: Privacy leakage monitoring system design for privacy protection. J. Korea Inst. Inf. Secur. Cryptol. 22(1), 99–106 (2012)Google Scholar
  6. 6.
    Magklaras, G.B., Furnell, S.M.: A preliminary model of end user sophistication for insider threat prediction in IT systems. Comput. Secur. 24(5), 371–380 (2005). Scholar
  7. 7.
    Walton, R.: Balancing the insider and outsider threat. Comput. Fraud Secur. 11, 8–11 (2006). Scholar
  8. 8.
    Magklaras, G.B., Furnell, S.M.: Insider threat prediction tool: evaluating the probability of IT misuse. Comput. Secur. 21(1), 62–73 (2001). Scholar
  9. 9.
    Theoharidou, M., Kokolakis, S., Karyda, M., Kiountouzis, E.: The insider threat to information systems and the effectiveness of ISO17799. Comput. Secur. 24(6), 472–484 (2005). Scholar
  10. 10.
    Stanton, J.M., Stam, K.R., Mastrangelo, P., Jolton, J.: Analysis of end user security behaviors. Comput. Secur. 24(2), 124–133 (2005). Scholar
  11. 11.
    Pattinson, M., Parsons, K., Butavicius, M., McCormac, A., Calic, D.: Assessing information security attitudes: a comparison of two studies. Inf. Comput. Secur. 24(2), 228–240 (2016). Scholar
  12. 12.
    Stalla-Bourdillon, S.: Online monitoring, filtering, blocking…. What is the difference? Where to draw the line? Comput. Law Secur. Rev. 29(6), 702–712 (2013). Scholar
  13. 13.
    Ambre, A., Shekokar, N.: Insider threat detection using log analysis and event correlation. Procedia Comput. Sci. 45, 436–445 (2015). Scholar
  14. 14.
    Park, S.J., Lim, J.I.: A study on the development of SRI (Security Risk Indicator)-based monitoring system to prevent the leakage of personally identifiable information. J. Korea Inst. Inf. Secur. Cryptol. 22(3), 637–644 (2012)Google Scholar
  15. 15.
    Furnell, S.: Enemies within: the problem of insider attacks. Comput. Fraud Secur. 2004(7), 6–11 (2004). Scholar
  16. 16.
    Park, J.S., Lee, I.Y.: Log analysis method of separate security solution using single data leakage scenario. Trans. Comput. Commun. Syst. 4(2), 65–72 (2015)Google Scholar
  17. 17.
    Thompson, H.H., Whittaker, J.A., Andrews, M.: Intrusion detection: perspectives on the insider threat. Comput. Fraud Secur. 2004(1), 13–15 (2004). Scholar
  18. 18.
    Liu, A., Martin, C., Hetherington, T., Matzner, S.: A comparison of system call feature representations for insider threat detection. In: Proceedings from the Sixth Annual IEEE SMC, pp. 340–347 (2005).
  19. 19.
    Sanzgiri, A., Dasgupta, D.: Classification of insider threat detection techniques. In: Proceedings of the 11th Annual Cyber and Information Security Research Conference. ACM (2016).
  20. 20.
    Yin, R.K.: Case Study Research Design and Methods, 5th edn. Sage Publications, Thousand Oaks (2014)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Chung-Ang UniversitySeoulRepublic of Korea

Personalised recommendations