Understanding The Insider Threat

Sophie Engle, University of San Francisco, San Francisco, CA

Stevenson Hall 1300
12:00 PM - 12:50 PM

The insider threat is growing in importance, but remains difficult to define and model. Much of the problem stems from the difficulty of making a strict division between an "insider" versus an "outsider." To counter this, we focus on access-required by both insiders and outsiders to execute an attack to define the problem. Specifically, we look at access at different levels of abstraction: the types of access that an individual should have, the types of access an individual is configured to have, and the types of access an individual actually has given the implementations of the security controls in place. By examining how access differs at these different levels, we are able to better define and capture the insider threat.