Accession Number:

ADA453929

Title:

Development of a Malicious Insider Composite Vulnerability Assessment Methodology

Descriptive Note:

Master's thesis

Corporate Author:

AIR FORCE INST OF TECHNOLOGY WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT

Personal Author(s):

Report Date:

2006-06-01

Pagination or Media Count:

105.0

Abstract:

Trusted employees pose a major threat to information systems. Despite advances in prevention, detection, and response techniques, the number of malicious insider incidents and their associated costs have yet to decline. There are very few vulnerability and impact models capable of providing information owners with the ability to comprehensively assess the effectiveness an organizations malicious insider mitigation strategies. This research uses a multi-dimensional approach content analysis, attack tree framework, and an intent driven taxonomy model are used to develop a malicious insider Decision Support System DSS tool. The DSS tools utility and applicability is demonstrated using a notional example. This research gives information owners data to more appropriately allocate scarce security resources.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE