http://www.dagstuhl.de/10341

August 22 – 26, 2010, Dagstuhl Seminar 10341

Insider Threats: Strategies for Prevention, Mitigation, and Response

Organizers

Matt Bishop (University of California – Davis, US)
Lizzie Coles-Kemp (Royal Holloway University of London, GB)
Dieter Gollmann (TU Hamburg-Harburg, DE)
Jeffrey Hunker (Point Park University – Pittsburgh, US)
Christian W. Probst (Technical University of Denmark – Lyngby, DK)


Summary

The Dagstuhl seminar “Insider Threats: Strategies for Prevention, Mitigation and Response” was held on August 22 – 26, 2010 (Seminar #10341), to advance our understanding of ways of reducing insider threats. The insider threat is cited in many studies as the most serious security problem facing organizations. Insider threats are particularly difficult to deal with because insiders have legitimately empowered knowledge of the organization and its systems, and therefore malicious and benign actions by insiders are hard to distinguish.

The 2010 seminar built on the results of its predecessor from 2008 (Countering Insider Threats, #08302). In this seminar we developed a shared, inter-disciplinary definition of the insider and a good formulation for a taxonomy or framework that characterizes insider threats. The seminar also began to explore how organizational considerations might better be incorporated into addressing insider threats.

The purpose of the 2010 seminar was to make progress towards an integrated framework for selecting among and evaluating the impact of alternative security policies against insider threats. An integrated framework, we recognized, needs to include issues not considered in insider work before, such as the economics of insider threats, and the role of law as both a preventative and punitive instrument. We saw the need for creating and testing alternative integrated frameworks so that practitioners and researchers could make informed choices as to combinations of actions targeted at insider threats, and also the need for methods to evaluate the effectiveness of these actions.

The Dagstuhl seminar on strategies for prevention, mitigation, and response with respect to insider threats explored all these areas through discussions and presentations based on input from different and diverse communities.

The goal of the seminar was to develop a taxonomy for identifying insider threats and an integrated approach that allows qualitative reasoning about the threat and the possibilities of attacks. We expected this to allow us to develop a deeper understanding of security policies and how to evaluate them.

During the seminar, all these issues were inspected and scrutinized, resulting in a better appreciation of social and organizational factors relevant to insider threats, and addressing important questions in related areas.

We would like to thank all participants of the seminar for making it a fruitful and inspiring event—and especially Dagstuhl’s wonderful staff, for their endless efforts, both before and during the seminar, to make the stay in Dagstuhl as successful as it has been.

Classification

  • Security
  • Society
  • Modelling

Keywords

  • Insider Threat
  • Security Policies
  • Threat Modelling
