
Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 225)

Abstract

It is no longer a hidden fact that insider misuse, whether intentional or unintentional, has grave consequences for business continuity. Detection and prediction of such misuse, however, face practical setbacks, due in part to the relative proximity of an insider to organizational assets, as well as human dynamics in relation to societal dynamics. The saying "prevention is better than cure" thus becomes the best option for mitigating such misuse. One way of prevention is deterrence through investigative capability. This research therefore presents an investigation model for insider misuse mitigation. The model can be strictly applied to identify the emergence of an insider, as well as to identify misuse activities from an insider's actions. Implementing this model in the forensic process can be a breakthrough for digital forensics in insider misuse occurrences.



Author information

Correspondence to Ikuesan R. Adeyemi.

Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Adeyemi, I.R., Razak, S.A., Zainal, A., Azhan, N.A.N. (2013). A Digital Forensic Investigation Model for Insider Misuse. In: Nagamalai, D., Kumar, A., Annamalai, A. (eds) Advances in Computational Science, Engineering and Information Technology. Advances in Intelligent Systems and Computing, vol 225. Springer, Heidelberg. https://doi.org/10.1007/978-3-319-00951-3_28

  • DOI: https://doi.org/10.1007/978-3-319-00951-3_28

  • Publisher Name: Springer, Heidelberg

  • Print ISBN: 978-3-319-00950-6

  • Online ISBN: 978-3-319-00951-3

  • eBook Packages: Engineering, Engineering (R0)
