User Account

All Pages

Detection and mitigation

Assignment Help Basic Computer Science
Reference no: EM131944994

Please paraphrase the below

Detection and Mitigation

Forensics appears to be highly undeveloped when addressing insider threats. Insider behaviour may be close to the expected behaviour, and the still often used audit trail is generally inadequate (redundant, misleading, missing data), and often lacks time correlation. The number of appropriate characteristics to observe may be large, resulting in overwhelming amounts of data. While we have decent tools as the result of a large body of work on intrusion detection, it is unclear how these tools help with insider threats. Current forensics tools often require assumptions such as "only one person had access" or "the owner of the machine is in complete control". Therefore, forensics remains an art, and as an art questions such as what to log or determining the relevance of log data elude clear answers. Detection, forensics, and response must also wrestle with how to distinguish mo- tive and intent. Malicious acts may be equivalent to acts due to accidents or na ¨ivete ´. Insiders may legitimately use domains in unexpected ways that might trigger false alarms. Outsiders, insiders acting with malicious intent, insiders acting without ma- licious intent, and accidental behaviour may all result in similar effects on the or- ganization. Hence there are always going to be gray areas in how security policies define both insider misuse and proper behaviour. Furthermore, actions are context bound, but most security polices only inadequately capture the nuances of context. Monitoring. While monitoring can help with technical aspects, it does potentially worsen behavioural aspects. The deciding factor is how much monitoring is accept- able (both ethically and legally), and whether it is at all beneficial. The noteworthy

point here is that this question arises at all levels in an organization, from individual actors, to groups, to companies, to the society as a whole. The problem is that not only may the same actor have different opinions depending on at which level he is asked, but also that different answers for different individuals may exist at the same level.

An interesting observation is that in certain settings with significantly enhanced monitoring, the number of identified incidents has stayed almost constant. At the same time, and even more worrying, cases such as Kerviel and the Liechtenstein case [8, 15] had in common that the attacker intimately knew the monitoring system and knew how to play it. It is often hypothesized that malicious insiders seek to avoid setting off monitoring alarms by slowly adjusting their profiles, but it seems unclear how easy current behavioural systems can be tricked.

In summary, trust in insiders is a behavioural expectation that still needs to be controlled. While the easy solution to reducing the number of insider cases would be to remove all restrictions (making the illegal actions legal by changing the semantics of the term "legal"), we aim for making the monitoring as efficient as possible, where in different situations the term "efficient" may have different interpretations. An important aspect that can not be underestimated are legal restrictions and privacy aspects of data collection, which may be even harder to follow in multi-national settings.

The goal of monitoring (or observing in general) should be to only monitor what is needed to identify the threat in question. Since currently trust can often be trans- ferred, for example by handing over a code card, it is important to isolate transferred trust as much as possible, not least to allow the result of monitoring to be used to bind actions to actors.

Reference no: EM131944994

Questions Cloud

Create a porters five forces model on your business : Decide what business you want to open. It should be selected from the list of businesses, above.
Most advantageous capital structure of corporation : Imagine that you are a certified Public Accountant (CPA) with a new client who needs an opinion on the most advantageous capital structure of a corporation.
Create a business brief - Define key items or variables : Business Analytics Academic Submissions and Evaluation. For this assignment you will create a business brief of 3 pages
What is the purpose of implementing projects in a business : Address common misconceptions that the company's management may have regarding the use of a project manager to expand the business.
Detection and mitigation : Forensics appears to be highly undeveloped when addressing insider threats. Insider behaviour may be close to the expected behaviour
Displaying the board using a nested : Do one method at a time and make it work before moving on to the next method. Start with displaying the board using a nested for-loop.
How does data leakage occur in an organization : How does data leakage occur in an organization? What are the common causes of this problem?
Cybersecurity and computer security : What are the similarities and differences between cybersecurity and computer security.
How are the two types of operating systems similar : What inherent security controls are included with each operating system? How are the two types of operating systems similar?

Reviews

Write a Review

Basic Computer Science Questions & Answers

  Identifies the cost of computer

identifies the cost of computer components to configure a computer system (including all peripheral devices where needed) for use in one of the following four situations:

  Input devices

Compare how the gestures data is generated and represented for interpretation in each of the following input devices. In your comparison, consider the data formats (radio waves, electrical signal, sound, etc.), device drivers, operating systems suppo..

  Cores on computer systems

Assignment : Cores on Computer Systems:  Differentiate between multiprocessor systems and many-core systems in terms of power efficiency, cost benefit analysis, instructions processing efficiency, and packaging form factors.

  Prepare an annual budget in an excel spreadsheet

Prepare working solutions in Excel that will manage the annual budget

  Write a research paper in relation to a software design

Research paper in relation to a Software Design related topic

  Describe the forest, domain, ou, and trust configuration

Describe the forest, domain, OU, and trust configuration for Bluesky. Include a chart or diagram of the current configuration. Currently Bluesky has a single domain and default OU structure.

  Construct a truth table for the boolean expression

Construct a truth table for the Boolean expressions ABC + A'B'C' ABC + AB'C' + A'B'C' A(BC' + B'C)

  Evaluate the cost of materials

Evaluate the cost of materials

  The marie simulator

Depending on how comfortable you are with using the MARIE simulator after reading

  What is the main advantage of using master pages

What is the main advantage of using master pages. Explain the purpose and advantage of using styles.

  Describe the three fundamental models of distributed systems

Explain the two approaches to packet delivery by the network layer in Distributed Systems. Describe the three fundamental models of Distributed Systems

  Distinguish between caching and buffering

Distinguish between caching and buffering The failure model defines the ways in which failure may occur in order to provide an understanding of the effects of failure. Give one type of failure with a brief description of the failure

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd