Crowd Sourcing Human Analyst Playbooks for Insider Threat Mitigation
Gallup, Shelley P.
We conducted an analysis of the insider threat (InT) hub processes derived from multiple organizations and perspectives. InT analysts, case managers and subject matter experts interacted in a crowd-sourcing game called the Massively Multiplayer Online Wargame Leveraging the Internet (MMOWGLI) using themes derived from interviews to stimulate seeds (inputs). Themes, issues and recommendations from the wargame were further refined and are included in a version of the framework for a Navy InT hub. IDEF format modeling was used to analyze processes, procedures and personnel roles from the results of the field research and MMOWGLI, and from documents from SPAWAR 5.0 and interviews with the Defense Security Service (DSS) and Defense Intelligence Agency (DIA). Using case examples from the Carnegie-Mellon Computer Emergency Readiness Team (CERT), we propose a set of "playbook" processes. We elicit the key aspects of Hub Architecture organization and information flow that must be considered when devising an Insider Threat Hub playbook.
Dr. Shelley P. Gallup (GSOIS)
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.