The insider threat minimization and mitigation framework

Abstract

Countering the insider threat is a difficult and daunting task. Organizations concerned with the problem usually train their employees on security-related matters, rules of behavior policies, and the consequences of committing criminal activities. More technically-oriented solutions include enhanced credentialing and access control, and the use of monitoring tools that provide insight into the health and status of systems. This paper addresses the deficiency of widely-used monitoring tools and strategies. It proposes a solution that equips a system with innate self-defense mechanisms that relieve the system from having to rely on human intervention. The paper introduces the Insider Threat Minimization and Mitigation Framework. The framework equips systems with self-defense mechanisms such that a system can instantaneously respond to potential threats and defend itself against users who have unfettered access to it. The framework employs the autonomous demotion of power users' access privileges based on analysis and evaluation of the user's risk level. The paper presents the details of the proposed framework and simulates its effectiveness within a data center environment of mission-critical systems.