Security information and event management tools and insider threat detection
Callahan, Christopher J.
Malicious insider activity on military networks can threaten military operations. Early identification of malicious insiders helps prevent significant damage and reduces the overall insider threat to military networks. Security Information and Event Management (SIEM) tools can be used to identify potentially malicious insider activity: a SIEM normalizes and correlates log data from multiple sources on a network. Personnel background investigations and administrative action records can serve as additional data sources for a SIEM, supporting early identification of the insider threat by correlating this information with an individual's online activity. This thesis provides background on the components and functionality of SIEM tools, summarizes historical insider threat cases to determine common motivations, surveys military security investigations and administrative actions to identify candidate sources for SIEM correlation, and reviews common methods of data exfiltration used by malicious insiders. This information is then used to develop an example SIEM architecture showing how the military can use a SIEM to identify and prevent potential insider threats by correlating an individual's network activity with background investigation and administrative action information.
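To make the correlation described above concrete, the following is an added illustration, not code from the thesis and not any vendor's SIEM: it normalizes a few constructed log lines from three hypothetical sources (web proxy, removable-media monitor, file share), derives exfiltration indicators from them, and raises an alert only for a user who both appears in a constructed personnel feed (administrative action or open investigation) and shows two or more distinct indicators. The sources, field names, thresholds and personnel status values are all assumptions made for this example.

```python
"""
Toy SIEM-style correlation of network activity with personnel records.
Added illustration only: every log line, personnel record, field name and
threshold below is constructed for this example, not taken from the thesis.
"""
from collections import defaultdict
from datetime import datetime

# Constructed raw events from three hypothetical sources (pipe-delimited, made up).
RAW_EVENTS = [
    "proxy|2024-03-04T22:17:05|user=jdoe|dst=files.example-cloud.net|bytes_out=734003200",
    "usb|2024-03-04T22:30:11|user=jdoe|action=mount|device=SanDisk Ultra 64GB",
    "share|2024-03-04T21:50:42|user=jdoe|path=\\\\fs01\\plans\\ops|files_read=412",
    "proxy|2024-03-04T10:02:13|user=asmith|dst=intranet.example.mil|bytes_out=12000",
    "usb|2024-03-04T11:15:09|user=bjones|action=mount|device=Kingston 32GB",
]

# Constructed personnel feed standing in for the background-investigation and
# administrative-action data sources the thesis proposes. Status strings are assumed.
PERSONNEL = {
    "jdoe":   {"admin_action": "pending nonjudicial punishment", "investigation": "clearance review open"},
    "asmith": {"admin_action": None, "investigation": None},
    "bjones": {"admin_action": "letter of reprimand", "investigation": None},
}

EXFIL_BYTES_THRESHOLD = 100 * 1024 * 1024   # assumed: 100 MiB outbound in one flow
AFTER_HOURS = (20, 6)                         # assumed: 20:00 to 06:00 local time


def normalize(line):
    """Parse one raw pipe-delimited line into a common event schema (dict)."""
    source, ts, *fields = line.split("|")
    event = {"source": source, "ts": datetime.fromisoformat(ts)}
    for item in fields:
        key, value = item.split("=", 1)
        event[key] = value
    return event


def indicators(event):
    """Return the list of exfiltration indicators a normalized event exhibits."""
    found = []
    hour = event["ts"].hour
    if hour >= AFTER_HOURS[0] or hour < AFTER_HOURS[1]:
        found.append("after_hours")
    if event["source"] == "proxy" and int(event.get("bytes_out", 0)) >= EXFIL_BYTES_THRESHOLD:
        found.append("large_upload")
    if event["source"] == "usb" and event.get("action") == "mount":
        found.append("removable_media")
    if event["source"] == "share" and int(event.get("files_read", 0)) >= 100:
        found.append("bulk_share_read")
    return found


def correlate(raw_events, personnel, min_indicators=2):
    """Return {user: sorted indicators} for users who have a personnel flag
    (administrative action or open investigation) AND at least
    min_indicators distinct exfiltration indicators across all sources."""
    per_user = defaultdict(set)
    for line in raw_events:
        event = normalize(line)
        per_user[event["user"]].update(indicators(event))

    alerts = {}
    for user, inds in per_user.items():
        record = personnel.get(user, {})
        flagged = bool(record.get("admin_action") or record.get("investigation"))
        if flagged and len(inds) >= min_indicators:
            alerts[user] = sorted(inds)
    return alerts


if __name__ == "__main__":
    for user, inds in correlate(RAW_EVENTS, PERSONNEL).items():
        print(f"ALERT {user}: {', '.join(inds)}")
```

Two design points carry over to a real deployment. Requiring both a personnel flag and multiple technical indicators is what keeps the rule from alerting on every user with a reprimand (bjones mounts a USB stick during the day and is not alerted) or on every large upload by an unflagged user. And because the personnel feed is sensitive, the SIEM's access to it should be read-only, limited to the fields the rule needs, and audited; the correlation output is an investigative lead, not a finding.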
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Humphrey, Adam (Monterey, CA; Naval Postgraduate School, 2019-06);The malicious insider threat is one of the most nefarious of potential cyber security breaches. There have been egregious insider data thefts in the last 10 years within the government. The Unintentional Insider Threat ...
A software assurance framework for mitigating the risks of malicious software in embedded systems used in aircraft Ginn, Robert C. (Monterey, California. Naval Postgraduate School, 2011-09);techniques that can be used to detect malicious code in individual aircraft Weapons Replaceable Assemblies (WRAs)
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2006-07);July 2006. The July 2006 issue of Homeland Security Affairs offers articles about risk perception, domestic right wing extremist groups, social network analysis, and the impact of foreign policy on homeland security. It ...