TABLE OF CONTENTS

TITLE PAGE
DECLARATION
DEDICATION
ACKNOWLEDGMENT
ABSTRACT
ABSTRAK
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF APPENDICES

CHAPTER 1  INTRODUCTION
  1.1  Introduction
  1.2  Problem Background
  1.3  Problem Statement
  1.4  Aim of this Study
  1.5  Research objectives
  1.6  Project Scope
  1.7  Significance of the Research
  1.8  Organization of Report

CHAPTER 2  LITERATURE REVIEW
  2.1  Introduction
  2.2  Insider threats
  2.3  The impact of the insider threat
  2.4  The key characteristics of insider threats
    2.4.1  Trust
    2.4.2  Access
    2.4.3  Knowledge and skills
    2.4.4  Security perimeter
  2.5  Categorizing insiders
    2.5.1  Pure insider
    2.5.2  Insider associate
    2.5.3  Insider affiliate
    2.5.4  Outside affiliate
  2.6  Insider threat and threat agents
    2.6.1  Insider threat capability
    2.6.2  Insider threat motivation
    2.6.3  Insider threat opportunity
  2.7  End user security behavior
  2.8  Insider threat profiles
  2.9  Classification of countermeasure of Insider Threats
    2.9.1  Technical-, Formal- and Informal controls
  2.10  Factors affecting human behavior in the of shifting technical, social, business and cultural factors
    2.10.1  Technical and social factors affecting the insider threat
      2.10.1.1  Technology is impacting on social interactions
      2.10.1.2  Security is not keeping up with technological and social changes in the workplace
    2.10.2  Business and economic factors affecting the insider threat
      2.10.2.1  Outsourcing can increase insider risks
      2.10.2.2  The global recession is affecting insider Behavior
    2.10.3  Cultural factors affecting the insider Threat
      2.10.3.1  Organizational culture
      2.10.3.2  Regional culture
  2.11  The importance of non-technical mitigations for the insider threat
    2.11.1  Enforce baseline security policies and Procedures
    2.11.2  Extend traditional policy and guidance
    2.11.3  Conduct ongoing personnel checks
  2.12  Existing Frameworks for human behavior to mitigate the insider threats
    2.12.1  A framework for insider threats
      2.12.1.1  The Organization
      2.12.1.2  The System
      2.12.1.3  The Individual
      2.12.1.4  The environment
    2.12.2  End user security behavior
      2.12.2.1  The body of knowledge
      2.12.2.2  The behavior demonstrated by senior management
      2.12.2.3  The user’s security common sense and decision making skills
      2.12.2.4  The user’s personal values and standards of conduct
      2.12.2.5  The user’s sense of obligation
      2.12.2.6  The difficulty in complying
    2.12.3  Insider Prediction Model
      2.12.3.1  User Taxonomy
      2.12.3.2  Psychological Profiling
      2.12.3.3  Real Time Usage Profiling
      2.12.3.4  Decision Manager
    2.12.4  Framework for relations between threat, countermeasure, human factor and behavior
      2.12.4.1  Information security Internal Threat
      2.12.4.2  Countermeasures to mitigate insider threats
      2.12.4.3  Human factors
      2.12.4.4  User Behavior
  2.13  Summary

CHAPTER 3  METHODOLOGY
  3.1  Introduction
  3.2  Research Methodology
  3.3  Operational Framework
    3.3.1  Phase 1
    3.3.2  Phase 2
      3.3.2.1  Compose the questionnaire
      3.3.2.2  Distributing the questionnaire
    3.3.3  Phase 3
      3.3.3.1  Analyze the questionnaire
  3.4  Summary

CHAPTER 4  FRAMEWORK IMPLEMENTATION
  4.1  Introduction
  4.2  Conceptual Framework for Human Behavior to Mitigate of Insider Threat
    4.2.1  User Motivation
    4.2.2  Organizational security culture
    4.2.3  User Training
    4.2.4  Security Knowledge
    4.2.5  Security policy
    4.2.6  Decision making skills
    4.2.7  User Personal Value
  4.3  Summary

CHAPTER 5  ANALYSIS AND RESULT
  5.1  Introduction
  5.2  Validation the Components Framework of Human Behavior to Mitigate the Insider Threat
    5.2.1  Demographics
    5.2.2  User Motivation
      5.2.2.1  Increasing Employee’s Salary
      5.2.2.2  Rewards
      5.2.2.3  Facilities
    5.2.3  Security Organizational Culture
      5.2.3.1  Attitude
      5.2.3.2  Trust
    5.2.4  User Training
      5.2.4.1  Security Awareness
      5.2.4.2  Skills
    5.2.5  Security knowledge
      5.2.5.1  Security policy awareness, standards and procedures
    5.2.6  Security policy
    5.2.7  Decision making skills
      5.2.7.1  Capability
      5.2.7.2  Opportunity
    5.2.8  User personal values
  5.3  Recommendations from the Expert
    5.3.1  User motivation
    5.3.2  Security Organizational Culture
    5.3.3  User Training
    5.3.4  Security knowledge
    5.3.5  Security policy
    5.3.6  Decision Making Skills
    5.3.7  User Personal Values
  5.4  Components of human behavior to mitigate the insider Threat
  5.5  Framework of human behavior to mitigate the insider threat
  5.6  Summary

CHAPTER 6  DISCUSSION AND CONCLUSION
  6.1  Introduction
  6.2  Project Achievement
  6.3  Project Constraints
  6.4  Future Works
  6.5  Summary

REFERENCES
APPENDIX A
APPENDIX B
APPENDIX C

LIST OF TABLES

  2.1  The Insider Threats Profiles
  2.2  The Countermeasure on Insider Threat
  2.3  Conceptual frameworks for human behavior to mitigate the Insider Threats
  2.4  Features of existing Framework
  2.5  The strength and weakness of existing Human Behavior framework to mitigate Insider Threats
  2.6  Selected Components of the Insider Threat Framework
  3.1  Details of Research Methodology
  5.1  Demographic Characters of Questionnaire Respondents
  5.2  Violate the Security Policy
  5.3  User Personal Values
  5.4  Contribution of selected components of Human Behavior to mitigate the Insider Threat

LIST OF FIGURES

  2.1  Categories of Insiders
  2.2  Factors contributing to the creation of an Insider Threat
  2.3  The Components of Capability
  2.4  The Components of Motivation
  2.5  The Components of Opportunity
  2.6  ABC Model
  2.8  Frameworks for Insider Threats
  2.9  Factors that influence User Security Behavior
  2.10  Insider Threat Prediction Model
  2.11  Relation between Threats, Countermeasure, Human Factors, Behaviors
  3.1  Operational Framework of the Research
  4.1  Conceptual Framework Human Behavior to Mitigate of Insider Threat
  4.2  Influencing information security behavior and cultivating an information security culture.
  5.1  Motivation by increasing employee’s salary
  5.2  Rewards for employees
  5.3  Facilities for Employees
  5.4  Attitude of employees in an organization
  5.5  Trust in an organizational culture
  5.6  Security awareness
  5.7  Employee skills
  5.8  Security Knowledge
  5.9  Security policies in an Organization
  5.10  Capability
  5.11  Opportunity
  5.12  Proposed Framework of Human Behavior to mitigate the Insider Threat

LIST OF APPENDICES

  A  Questionnaire Form
  B  Answered Questionnaire Form
  C  Interview Form