Accession Number:

ADA636508

Title:

Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage

Descriptive Note:

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Personal Author(s):

Report Date:

2011-04-01

Pagination or Media Count:

12.0

Abstract:

This paper describes the development and proposed application of a Security Information and Event Management (SIEM) signature to detect possible malicious insider activity leading to IT sabotage. In the absence of a uniform, standardized event logging format, this paper presents the signature in two of the most visible public formats, Common Event Framework (CEF) and Common Event Expression (CEE). Because of the limitations of these formats, the SIEM described in this paper employs an operational version of the proposed signature in an ArcSight environment.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE