Insider threat data sharing
Sellen, Jeremey J.
Insider threat is a significant problem for both governmental and private organizations. Individuals can do immense harm with their trusted access. To combat this threat, organizations have created departments with trained analysts whose sole purpose is to deter, detect, and mitigate the insider threat. These analysts monitor employees and analyze activities to detect dangerous practices, whether witting or unwitting, and report these actions to supervisors for mitigation. When organizations share insider threat information with one another, it can improve every organization's ability to deter, detect, or mitigate the insider threat. The challenge lies in merging external and existing data with as little human interaction as possible. This thesis examines the work that takes place in an insider threat department and identifies requirements for a solution that would allow for information sharing between organizations.
Approved for public release; distribution is unlimited