Insider Threat Indicator Ontology

Costa, Daniel L.; Albrethsen, Michael J.; Collins, Matthew L.

Insider Threat Indicator Ontology

Active / Technical Report | Accession Number: AD1044939 |

Open PDF

Abstract:

The insider threat community currently lacks a standardized method of expression for indicators of potential malicious insider activity. We believe that communicating potential indicators of malicious insider activity in a consistent and commonly accepted language will allow insider threat programs to implement more effective controls through an increase in collaboration and information sharing with other insider threat teams. In this report, we present an ontology for insider threat indicators. We make the case for using an ontology to fill the stated gap in the insider threat community. We also describe the semi-automated, data-driven development of the ontology, as well as the process by which the ontology was validated. In the appendices, we provide the ontologys users manual and technical specification.

Author(s):

Costa, Daniel L. ; Albrethsen, Michael J. ; Collins, Matthew L.

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States

Descriptive Note:

Technical Report

Pagination:

0087

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release;

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

CMU/SEI-2016-TR-007

Contract/Grant Number(s):

FA8721-05-C-0003

Subject Terms

Joint Capability Areas:

JCA_8_Building Partnerships; JCA_8.2_Shape; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_5_Command and Control; JCA_5.2_Understand; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_1_Force Support; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_4.6_Engineering; JCA_1.2_Force Preparation; JCA_1.2.3_Educating; JCA_6_Net Centric; JCA_4.6.1_General Engineering; JCA_6.4.1_Secure Information Exchange; JCA_1.2.6_Concepts; JCA_6.4_Information Assurance; JCA_5.3_Planning; JCA_6.1.3_Switching and Routing; JCA_6.1_Information Transport

Communities of Interest:

Cyber

Descriptor(s):

ontology, threats computer security

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

insider threats

Report Date:

2016 May 25

Creation Date:

2018 Jan 26