Insider Attack and Cyber Security Beyond the Hacker

Description


Hackers, especially "terrorist hackers" or "cyberwar hackers" get lots of press. They do indeed pose a serious problem. However, the threat they pose pales be- fore that posed by those closest to us: the insiders. The cyberthreat posed by insiders isn’t new. Donn Parker’s seminal 1978 book Crime by Computer estimated that 95% of computer attacks were committed by authorized users of the system. Admittedly, this was in the pre-Internet era, when very few non-insiders had any access at all; still, the underlying issue – that em- ployees are not always trustable – remains. To be sure, this has always been true – thieving or otherwise corrupt workers have undoubtedly existed since commerce itself – but the power of computers (and our inability to secure them in the best of circumstances) makes the problem far worse today. In June 2007, a workshop (sponsored by Cliff Wang of the Army Research Of- fice) on the insider threat was held. Approximately 35 invitees attended, including security
researchers, vendors, practitioners, and representatives of organizations that perceive a serious insider threat. The goal was to develop a research commu-nity on the insider threat. Of necessity, our first steps were to understand the scope of the problem, to develop a common vocabulary, and to start sketching a research agenda. This volume consists of papers contributed by some of those at-tendees.
Types of Attack
Fundamentally, there are three different types of attack: misuse of access, defense bypass, and access control failure. Each must be approached differently. *PDF*http://rapidshare.com/files/153295455/Insider_Att_-_ack_and_Cy__ber_Security_Be_-_yond_the_Ha_-_cker.rar

Password:MJAG23