Insider Detection Method in a Company

Abstract

Managers often focus on external threats mainly due to the difficulties in evaluating the losses from the insider activities. The purpose of the study is to improve the efficient performance of an information security department and a company itself in counteracting insider threats by increasing the accuracy and rate of assessing the insider threat for each employee and ranking employees in accordance with the assessment of a summarized technical threat indicator. The authors morphologically analyze the features of insider activities in three sections and identify a promising area for combating the insiders – a prompt identification of unusual behavior signaling a breach of confidentiality. The paper describes an algorithm developed by the authors for assessing the insider threat for each employee of a company and ranking all employees by a summarized technical threat indicator. The steps to implement the algorithm are described in detail and a fuzzy derivation scheme of a summarized technical threat indicator is presented; an example is used to test the algorithm. The algorithm can be implemented as a part of a corporate information system. It is cheap to use and own, and it is rated as cost-efficient.