http://www.dagstuhl.de/12501

December 9 – 12, 2012, Dagstuhl Seminar 12501

Organizational Processes for Supporting Sustainable Security

Organizers

Lizzie Coles-Kemp (Royal Holloway University of London, GB)
Carrie Gates (CA Labs – Islandia, US)
Dieter Gollmann (TU Hamburg-Harburg, DE)
Jeffrey Hunker (Point Park University – Pittsburgh, US)
Sean Peisert (University of California – Davis, US)

Documents

Dagstuhl Report, Volume 2, Issue 12

Summary

The Dagstuhl seminar "Designing for process resilience to insider threats" was held on December 10–12, 2012 (Seminar #12501) to advance our understanding of ways of reducing insider threats through the design of resilient organizational processes.

The 2012 seminar built on the results of its predecessor from 2010 (Insider Threats: Strategies for Prevention, Mitigation, and Response, #10341). In this seminar we developed a shared, inter-disciplinary definition of the insider and a good formulation for a taxonomy or framework that characterizes insider threats. The seminar also began to explore how organizational considerations might better be incorporated into addressing insider threats.

The purpose of the 2012 seminar was to build on the understanding of the classification of the insider threat as a type of informed threat and the design requirements for tools and policies to respond to this category of threat that we had gained from the 2008 and 2010 Dagstuhl seminars on insider threats (Countering Insider Threats, #08302, and Insider Threats: Strategies for Prevention, Mitigation, and Response, #10341). Our goal was to explore what makes organizational processes resilient to insider threats. The exploration of organizational processes required us to consider the fluid set of informed actors against organizations whose processes and boundaries can be dynamic. It also required us to conceptualise threats and vulnerabilities as "emergent". The conclusions from the previous seminars had resulted in the insight that resilient organizational processes are more resilient with respect to insider threats and more capable of limiting the damage from insider attacks. We also had the insight that resiliency appears to stem from usable, effective, and efficient security having been built into the organizational processes.

The seminar participants comprised a carefully balanced mix of social and computer scientists and practitioners in order to explore the technological, organizational and social dimensions of the organizational process and its implementation. In order to productively combine the skills of the different disciplines and perspectives represented, the seminar started with a series of provocations. Debi Ashenden presented a provocation about the competing and sometimes conflicting uses of gamification in the UK military setting. Kai-Uwe Loser presented a grounded example of personal data management practices and the conflicting perceptions of policy compliance that emerged within the example. Trish Williams presented a provocation about the value of big data in the case of electronic health data.

These design principles reflect a starting point for future work on the design of organizational processes that are sustainably secure. Seminar organizers intend to produce a book that extends and explores these principles.

Classification

  • Modelling/Simulation
  • Security/Cryptology
  • Society/HCI

Keywords

  • Insider Threat
  • Security Policies
  • Threat Modelling
