"Practical men, who believe themselves to be quite exempt from any intellectual influence, are usually the slaves of some defunct economist. Madmen in authority, who hear voices in the air, are distilling their frenzy from some academic scribbler of a few years back."
John Maynard Keynes (1936) The General Theory of Employment, Interest, and Money London, Macmillan & Co
Thursday, April 16, 2009
Thursday, April 09, 2009
Insider threats
What is insider threat to information security in organizations?
Why do we need to monitoring threats which may originate from the authorized or trusted user (insider) of a system?
How do we monitor this insider threats (what is/are the existing approaches to monitoring insider threats?)
Why do we need to monitoring threats which may originate from the authorized or trusted user (insider) of a system?
How do we monitor this insider threats (what is/are the existing approaches to monitoring insider threats?)
Developing Effective Mechanism for Managing Insider Threats in Organisations
Developing effective mechanism for the management of insider threats is critical to safeguarding organizational resources, providing confidentiality and integrity.
There are many different approaches and technologies to satisfy this requirement.
In this particular work, however, you will focus on noble document control and detection approach.
You need to provide a hybrid document control mechanism, which is based on the user (actor)’s current context, the user’s assigned roles within the context, and the semantics of the documents that the actor (user) tries to access.
To check the actor’s current context, you can apply existing social network approaches for discovering the actor’s communication flow so that you can represent the context in terms of shadow and legitimate network structures of an organization. This context representation serves as an effective mechanism for making document control decision.
To manage the actor’s privileges, you can use the actor’s assigned roles, which are pre-defined to the corresponding privileges. This further provides efficient and scalable access control.
You first need to consider using the conventional identity-based access control mechanism. However, when the actors’ privileges need to change frequently (e.g., if actors join or leave a collaborative project dynamically), the identity-based access control is not a sound approach. Therefore, the aim is to use the actor’s job functionality (i.e., role) for our access control mechanism.
There are many different approaches and technologies to satisfy this requirement.
In this particular work, however, you will focus on noble document control and detection approach.
You need to provide a hybrid document control mechanism, which is based on the user (actor)’s current context, the user’s assigned roles within the context, and the semantics of the documents that the actor (user) tries to access.
To check the actor’s current context, you can apply existing social network approaches for discovering the actor’s communication flow so that you can represent the context in terms of shadow and legitimate network structures of an organization. This context representation serves as an effective mechanism for making document control decision.
To manage the actor’s privileges, you can use the actor’s assigned roles, which are pre-defined to the corresponding privileges. This further provides efficient and scalable access control.
You first need to consider using the conventional identity-based access control mechanism. However, when the actors’ privileges need to change frequently (e.g., if actors join or leave a collaborative project dynamically), the identity-based access control is not a sound approach. Therefore, the aim is to use the actor’s job functionality (i.e., role) for our access control mechanism.
Subscribe to:
Posts (Atom)