Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

9623 Defense against Insider Threat: a Framework for Gathering Goal-based Requirements
Home Policy Brochure Browse Search User Area Contact Help

Nunes Leal Franqueira, V. and van Eck, P.A.T. (2007) Defense against Insider Threat: a Framework for Gathering Goal-based Requirements. In: Proceedings of the 12th International Workshop on Exploring Modeling Methods in Systems Analysis and Design (EMMSAD 2007), held in conjuction with CAISE'07, 11-15 June 2007, Trondheim, Norway. pp. 193-202. Tapir Academic Press. ISBN 978-82-519-2245-6

Full text available as:

- Univ. of Twente only
300 Kb
Exported to Metis


Insider threat is becoming comparable to outsider threat in frequency of security events. This is a worrying situation, since insider attacks have a high probability of success because insiders have authorized access and legitimate privileges.
Despite their importance, insider threats are still not properly addressed by organizations. We contribute to reverse this situation by introducing a framework composed of a method for identification and assessment of insider threat risks and of two supporting deliverables for awareness of insider threat.
The deliverables are: (i) attack strategies structured in four decomposition trees, and (ii) a matrix which correlates defense strategies, attack strategies and control principles. The method output consists of goal-based requirements for the defense against insiders.

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-IS: Information Systems
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project:IPID: Integrated Policy-based Intrusion Detection
ID Code:9623
Deposited On:23 June 2009
More Information:statisticsmetis

Export this item as:

To request a copy of the PDF please email us request copy

To correct this item please ask your editor

Repository Staff Only: edit this item