Understanding the Insider Threat. Proceedings of a March 2004 Workshop
RAND CORP SANTA MONICA CA
Pagination or Media Count:
A major research thrust of the Advanced Research and Development Activity ARDA of the U.S. intelligence community IC involves information assurance A. Perhaps the greatest threat that A activities within the IC must address is the insider threat-malevolent or possibly inadvertent actions by an already trusted person with access to sensitive information and information systems. This unclassified workshop, held March 24, 2004, focused on the insider threat and possible indicators and warnings, observables, and actions to mitigate that threat. The ARDA researchers participating gave special attention to the activities, processes, and systems used within the intelligence community. A combination of plenary and breakout sessions discussed various aspects of the problem, including IC system models, vulnerabilities and exploits, attacker models, and characterization of events associated with an insider attack. A set of presentations by members of the IC and its contractors on Intelink Appendix G and such research activities as the development of Glass Box software see Appendix H and ARDAs Novel Intelligence from Massive Data NIMD research program Appendix I aided the workshop discussions. The present workshop built upon the availability of materials generated in an earlier workshop focused on the insider threat Appendix F. Several overall themes emerged from these deliberations, discussed below under the headings of Research Questions and Challenges and Databases Needed by researchers.
- Information Science
- Military Intelligence