Addressing the insider threat
Conference
·
OSTI ID:6230731
Computers have come to play a major role in the processing of information vital to our national security. As we grow more dependent on computers, we also become more vulnerable to their misuse. Misuse may be accidental, or may occur deliberately for purposes of personal gain, espionage, terrorism, or revenge. While it is difficult to obtain exact statistics on computer misuse, clearly it is growing. It is also clear that insiders -- authorized system users -- are responsible for most of this increase. Unfortunately, their insider status gives them a greater potential for harm This paper takes an asset-based approach to the insider threat. We begin by characterizing the insider and the threat posed by variously motivated insiders. Next, we characterize the asset of concern: computerized information of strategic or economic value. We discuss four general ways in which computerized information is vulnerable to adversary action by the insider: disclosure, violation of integrity, denial of service, and unauthorized use of resources. We then look at three general remedies for these vulnerabilities. The first is formality of operations, such as training, personnel screening, and configuration management. The second is the institution of automated safeguards, such as single-use passwords, encryption, and biometric devices. The third is the development of automated systems that collect and analyze system and user data to look for signs of misuse.
- Research Organization:
- Los Alamos National Lab., NM (United States)
- Sponsoring Organization:
- DOE; USDOE, Washington, DC (United States)
- DOE Contract Number:
- W-7405-ENG-36
- OSTI ID:
- 6230731
- Report Number(s):
- LA-UR-93-1181; CONF-9305151--3; ON: DE93012626
- Country of Publication:
- United States
- Language:
- English
Similar Records
Addressing the insider threat
Spy the Lie: Detecting Malicious Insiders
Threat Landscape for BESS and IBR
Conference
·
Sat May 01 00:00:00 EDT 1993
·
OSTI ID:10160166
Spy the Lie: Detecting Malicious Insiders
Technical Report
·
Mon Mar 12 00:00:00 EDT 2018
·
OSTI ID:1452870
Threat Landscape for BESS and IBR
Conference
·
Wed Jan 22 23:00:00 EST 2025
·
OSTI ID:2997948
Related Subjects
055001 -- Nuclear Fuels-- Safeguards
Inspection
& Accountability-- Technical Aspects
98 NUCLEAR DISARMAMENT, SAFEGUARDS, AND PHYSICAL PROTECTION
99 GENERAL AND MISCELLANEOUS
990200* -- Mathematics & Computers
ADVERSARIES
COMPUTERS
EDUCATION
SAFEGUARDS
SECRECY PROTECTION
SECURITY
TRAINING
VULNERABILITY
Inspection
& Accountability-- Technical Aspects
98 NUCLEAR DISARMAMENT, SAFEGUARDS, AND PHYSICAL PROTECTION
99 GENERAL AND MISCELLANEOUS
990200* -- Mathematics & Computers
ADVERSARIES
COMPUTERS
EDUCATION
SAFEGUARDS
SECRECY PROTECTION
SECURITY
TRAINING
VULNERABILITY