Enemies within: The problem of insider attacks

Computer Fraud and Security

Volumn 2004, Issue 7, 2004, Pages 6-11

  Furnell, Steven ^a  

^a UNIVERSITY OF PLYMOUTH   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER VIRUSES; COMPUTER WORMS; DATABASE SYSTEMS; INTERNET; LAWS AND LEGISLATION; SECURITY SYSTEMS; SPAMMING;

INSIDER ATTACKS; MALWARE INCIDENTS; MISUSE-BASED DETECTION; SECURITY DOMAINS;

SECURITY OF DATA;

EID: 3142683286     PISSN: 13613723     EISSN: None     Source Type: Journal    
DOI: 10.1016/S1361-3723(04)00087-9     Document Type: Article

References (16)

1. Neumann, P.G. 1999. "The Challenges of Insider Misuse", article prepared for the Workshop on Preventing, Detecting and Responding to Malicious Insider Misuse, RAND, Santa Monica, 16-18 August 1999. http://www.csl.sri.com/ users/neumann/pgn-misuse.html .
2. DTI. 2004. Information Security Breaches Survey 2004. Department of Trade & Industry, April 2004. URN 04/617.
3. Leyden, J. 2002. "P45s for Porn Surfers", The Register, 9 July 2002.
4. Sturgeon, W. 2003. "Is your email safe from prying eyes?", silicon.com, 20 March 2003.
5. Richardson R. 2003, 2003 CSI/FBI Computer Crime and Security Survey, Computer Security Institute. 2003;Spring.
6. Anderson J.P. Computer Security Threat Monitoring and Surveillance. 1980;James P. Anderson Co. Fort Washington, PA. (Apr.).
7. Schultz E. "Disgruntled employee sentenced to 41 months in prison", Computers & Security. 21:(no. 3):2002;p206.
8. BBC. 1998. "Defence lab in Net porn scandal", BBC News Online, 21 June 1998.
9. BBC. 2003. "Tax records 'for sale' scandal", BBC News Online, 16 January 2003.
10. Shaw, E.D., Ruby, K.G. and Post, J.M. 1998. "The Insider Threat to Information Systems: The Psychology ofthe Dangerous Insider", Security Awareness Bulletin, 2-98, pp27-46.
11. Magklaras G.B., Furnell S.M. "Insider Threat Prediction Tool:use", Computers & Security. 21:(no 1):2002;62-73.
12. Sandhu R.S., Coyne E.J., Feinstein H.L., Youman C.E. "Role-based access control models" IEEE Computer. 29:(2):1996;38-47.
13. Chung, C.Y., Gertz, M. and Levitt, K. 1999. "DEMIDS: A Misuse Detection System for Database Systems", in Proceedings of the 3rd International Working Conference on Integrity and Internal control in Information Systems, Amsterdam, The Netherlands, 18-19 November 1999.
14. Low, W.L., Lee, J. and Teoh, P. 2002. "DIDAFIT: Detecting Intrusions in Databases Through Fingerprinting Transactions". in Proceedings of the 4th International Conference on Enterprise Information Systems, Ciudal Real, Spain, 2-6 April 2002, pp121-128.
15. Phyo, A.H., Furnell, S. and Ifeachor, E. 2004. "A framework for monitoring insider misuse of IT applications", in Proceedings of Information Security South Africa 2004, Johannesburg, South Africa, 30 June - 2 July 2004.
16. BSI. 2001. Information technology. Code of practice for information security management. BS ISO/IEC 17799:2000. British Standards Institution, 15 February 2001. ISBN 0 580 36958 7.