Insider threats can pose a great risk to organizations and by their
very nature are difficult to protect against. Auditing and system
logging are capabilities present in most operating systems and can
be used for detecting insider activity. However, current auditing
methods are typically applied in a haphazard way, if at all, and
do not lend themselves to an effective insider threat
security policy. This research develops a methodology for designing
a customized auditing and logging template for a Linux operating
system. An intent-based insider threat risk assessment methodology
is presented to create use case scenarios tailored to address an
organization's specific security needs and priorities. These
organization-specific use cases are verified to be detectable via
the Linux auditing and logging subsystems, and the results are
analyzed to create an effective auditing rule set and logging
configuration for the detectable use cases. Results indicate that
creating a customized auditing rule set and system logging
configuration to detect insider threat activity is possible.