Insider Threat

This project is looking at defining, analyzing, and seeking methods of ameliorating the insider threat. Whereas security has traditionally been defined with respect to a perimeter, using static and binary access control decisions, we assert that such a perimeter no longer exists and that traditional access control techniques inhibit authorized users from performing their job. We define the “insider threat” as a combination of (a) access to a particular resource, (b) knowledge of a particular resource, and/or © trust of an individual by a particular organization. Moreover, the insider threat is clearly also not binary, but a spectrum of “insiderness” based on the aforementioned qualities. In the past, we have sought to develop access control solutions that integrate this understanding in combination while also being informed by social science of how users may react most optimally to system access control and countermeasures. More recently, we have used a process modeling and analysis approach in the context of elections to evaluate insider threats.

More information is available at the UC Davis Insider Threat project web site.