Sunday, October 5, 2008

Insider Attack and Cyber Security Beyond the Hacker


Springer Science | ISBN- 13-978-0-387-77321-6 | Jan 2008 | English | PDF | 2.76 MB | 228 Pages

Hackers, especially "terrorist hackers" or "cyberwar hackers" get lots of press. They do indeed pose a serious problem. However, the threat they pose pales be- fore that posed by those closest to us: the insiders. The cyberthreat posed by insiders isn’t new. Donn Parker’s seminal 1978 book Crime by Computer estimated that 95% of computer attacks were committed by authorized users of the system. Admittedly, this was in the pre-Internet era, when very few non-insiders had any access at all; still, the underlying issue – that em- ployees are not always trustable – remains. To be sure, this has always been true – thieving or otherwise corrupt workers have undoubtedly existed since commerce itself – but the power of computers (and our inability to secure them in the best of circumstances) makes the problem far worse today. In June 2007, a workshop (sponsored by Cliff Wang of the Army Research Of- fice) on the insider threat was held. Approximately 35 invitees attended, including security
researchers, vendors, practitioners, and representatives of organizations that perceive a serious insider threat. The goal was to develop a research commu-nity on the insider threat. Of necessity, our first steps were to understand the scope of the problem, to develop a common vocabulary, and to start sketching a research agenda. This volume consists of papers contributed by some of those at-tendees.

Types of Attack
Fundamentally, there are three different types of attack: misuse of access, defense bypass, and access control failure. Each must be approached differently.


Stumble Upon Toolbar

No comments:

Free Web Hosting

Free Web Hosting with Website Builder

Snap Shots

Get Free Shots from