
Methodologies to automatically identify and protect critical data in order to mitigate insider threats

Posted on: 2011-02-06 | Degree: Ph.D | Type: Dissertation
University: University of Arkansas | Candidate: White, Jonathan | Full Text: PDF
GTID: 1466390011970567 | Subject: Engineering
Abstract/Summary:
Insider threats pose one of the most significant risks to the confidentiality, integrity, and availability of organizational data assets that are critical to the operation of the business. While considerable infrastructure is generally in place to protect critical data from attacks originating from outside sources, far fewer resources are focused on mitigating the threat of malicious insiders. Because insiders are trusted and have required access to these critical data, the insider threat is a particularly pernicious and vexing problem.

The risk of attacks originating from insiders is exacerbated by the lack of tools available to counteract this risk, and this work helps solve the problem. It uses proactive means, namely automatically identifying mission-critical data and deploying honeytokens in known areas where critical data resides, as well as reactive means of identifying potential insider threats to critical data once certain suspicious actions have occurred. The work performed is primarily focused on database and RFID-based systems, though the techniques are applicable to a wide range of domains. Several new algorithms are proposed, designed, tested, and deployed in order to show the merits of these methods. This work serves as an additional tool for the computer security industry and for security engineers in the field who wish to focus limited resources on one of the largest security threats: trusted insiders abusing mission-critical data. The results show that with the proper foresight to plan for insider threats before incidents occur, critical data assets can be identified and protected effectively with the novel methods defined in this work.
Keywords/Search Tags: Data, Insider, Threats, Work