Using budget-based access control to manage operational risks caused by insiders

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

Volumn 1, Issue 1, 2010, Pages 29-45

  Liu, Debin ^a   Camp, L Jean ^a   Wang, Xiaofeng ^a   Wang, Lusha ^a  

^a INDIANA UNIVERSITY   (United States)

Author keywords

Access control; Humansubject experiment; Incentive engineering; Insider threat; Risk management

Indexed keywords

EID: 80052636737     PISSN: 20935374     EISSN: 20935382     Source Type: Journal    
DOI: None     Document Type: Article

References (22)

1. A. Yemini, D. Dailianas, Florissi, and G. Huberman. Marketnet: Market-based protection of information systems. In The 12th Int. Symp. on Dynamic Games and Applications, 2006.
2. MITRE Corporation. Horizontal integration: Broader access models for realizing information dominace. Technical Report JSR-04-132, JASON Defense Advisory Panel Reports, 2004.
3. Pau-Chen Cheng, Pankaj Rohatgi, Claudia Keser, Paul A. Karger, Grant M. Wagner, and Angela Schuett Reninger. Fuzzy mls: An experiment on quantified risk-adaptive access control. In IEEE Symposium on Security and Privacy, pages 222-230, 2007.
4. I. Molloy, P. Cheng, and P. Rohatgi. Trading in risk: Using markets to improve access control. In New Security Paradigms Workshop, Olympic, California, September 2008. Applied Computer Security Associates.
5. Insider may have breached more than 10000 patient records at johns hopkins, May 2009.
6. Wearden. The biggest rogue traders in history, January 2008.
7. Joel Predd, Shari Lawrence Pfleeger, Jeffrey Hunker, and Carla Bulford. Insiders behaving badly. IEEE Security and Privacy, 6(4):66-70, 2008.
8. Nalneesh Gaur, Jason Gaswirth, and Linda Najim. Notes on a scandal: Lessons in operational risk management from societe generale. Technical report, Diamond Management and Technology Consultants, Inc., 2008.
9. Debin Liu, XiaoFeng Wang, and L. Jean Camp. Mitigating inadvertent insider threats with incentives. In The proceeding of Financial Cryptography and Data Security, February 2009.
10. Mario Scalora and Denise Bulling, editors. Developing Threat Assessment Best Practice Standards: Lever-aging Behavioral Science Strategies to Enhance Decision-Making, February 2007. Open source literature review in partial fulfillment of Subcontract Number: MSMA-07-00001.
11. M. Keeney, E. Kowalski, D. Cappelli, A. Moore, T. Shimeall, and S Rogers. Insider threat study: Computer system sabotage in critical infrastructure sectors. May 2005.
12. Nam T. Nguyen, Peter L. Reiher, and Geoffrey H. Kuenning. Detecting insider threats by monitoring system call activity. pages 45-52. IEEE, 2003.
13. Ramkumar Chinchani, Anusha Iyer, Hung Ngo Q., and Shambhu Upadhyaya. A target-centric formal model for insider threat and more. October 2004.
14. Brad Wood. An insider threat model for adversary simulation. In R. H. Anderson, T. Bozek, T. Longstaff, W. Meitzler, M. Skroch, and K. V. Wyk, editors, Research on mitigating the insider threat to information systems, Pittsburg, PA, 2000. RAND Corporation.
15. D. M. Cappelli, A. G. Desai, A. P. Moore, T. J. Shimeall, E. A. Weaver, and B. J. Willke. Management and education of the risk of insider threat (merit): System dynamics modeling of computer system sabotage. In The International Conference of the System Dynamics Society, Nijmegen, The Netherlands, July 2006.
16. Marisa Reddy Randazzo, Dawn M. Cappelli, Michelle M. Keeney, Andrew P. Moore, and Eileen F. Kowalski. Insider threat study: Illicit cyber activity in the banking and finance sector. Technical report, 2004.
17. Farzaneh Asgharpour, Debin Liu, and L. Jean Camp. Mental models of security risks. In Sven Dietrich and Rachna Dhamija, editors, Financial Cryptography, volume 4886 of Lecture Notes in Computer Science, pages 367-377. Springer, 2007.
18. Andreas Schaad, Jonathan Moffett, and Jeremy Jacob. The role-based access control system of a European bank: A case study and discussion. In In Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, pages 3-9. ACM Publish, 2001.
19. Basel Committee on Banking Supervision. International convergence of capital measurement and capital standards. Technical report, Bank for International Settlements, Basel II, June 2006.
20. Robert J. Bloomfield and Maureen O'Hara. Market transparency: Who wins and who loses? Review of Financial Studies, 12(1), 1998.
21. Mark D. Flood, Ronald Huisman, Kees C.G. Koedijk, and Ronald J. Mahieu. Quote disclosure and price discovery in multiple dealer financial markets. Review of Financial Studies, 12(1), 1998.
22. Day trading risk management, 2009.