Dagstuhl Seminar 10341
Insider Threats: Strategies for Prevention, Mitigation, and Response
(Aug 22 – Aug 26, 2010)
Organizers
- Matt Bishop (University of California - Davis, US)
- Lizzie Coles-Kemp (Royal Holloway University of London, GB)
- Dieter Gollmann (TU Hamburg-Harburg, DE)
- Jeffrey Hunker (Point Park University - Pittsburgh, US)
- Christian W. Probst (Technical University of Denmark - Lyngby, DK)
The Dagstuhl seminar “Insider Threats: Strategies for Prevention, Mitigation and Response” was held on August 22 – 26, 2010 (Seminar #10341) to advance our understanding of ways of reducing insider threats. The insider threat is cited in many studies as the most serious security problem facing organizations. Insider threats are particularly difficult to deal with because insiders have legitimately empowered knowledge of the organization and its systems, and therefore malicious and benign actions by insiders are hard to distinguish.
The 2010 seminar built on the results of its predecessor from 2008 (Countering Insider Threats, #08302). In this seminar we developed a shared, inter-disciplinary definition of the insider and a good formulation for a taxonomy or framework that characterizes insider threats. The seminar also began to explore how organizational considerations might better be incorporated into addressing insider threats.
The purpose of the 2010 seminar was to make progress towards an integrated framework for selecting among and evaluating the impact of alternative security policies against insider threats. An integrated framework, we recognized, needs to include issues not considered in insider work before, such as the economics of insider threats, and the role of law as both a preventative and punitive instrument. We saw the need for creating and testing alternative integrated frameworks so that practitioners and researchers could make informed choices as to combinations of actions targeted at insider threats, and also the need for methods to evaluate the effectiveness of these actions.
The Dagstuhl seminar on strategies for prevention, mitigation, and response with respect to insider threats explored all these areas through discussions and presentations based on input from different and diverse communities.
The goal of the seminar was to develop a taxonomy for identifying insider threats and an integrated approach that allows qualitative reasoning about the threat and the possibilities of attacks. We expected this to allow us to develop a deeper understanding of security policies and how to evaluate them.
During the seminar, all these issues were inspected and scrutinized, resulting in a better appreciation of social and organizational factors relevant to insider threats, and addressing important questions in related areas.
We would like to thank all participants of the seminar for making it a fruitful and inspiring event—and especially Dagstuhl’s wonderful staff, for their endless efforts, both before and during the seminar, to make the stay in Dagstuhl as successful as it has been.
Participants
- Andre Adelsbach (Telindus S.A. - Luxemburg, LU)
- Saurabh Arora (Hasso-Plattner-Institut - Potsdam, DE)
- Samuel Burri (IBM Research GmbH - Zürich, CH)
- Lizzie Coles-Kemp (Royal Holloway University of London, GB)
- Laura Corriss (Barry University - Miami Shores, US)
- Trajce Dimkov (University of Twente, NL)
- Ulrich Flegel (University of Applied Sciences - Stuttgart, DE)
- Carrie Gates (CA Labs - Islandia, US)
- Dieter Gollmann (TU Hamburg-Harburg, DE)
- Jose J. Gonzalez (University of Agder - Grimstad, NO)
- Steven Greenwald (Independent Infosec Consultant, US)
- Frank L. Greitzer (Pacific Northwest National Lab. - Richland, US)
- Pieter H. Hartel (University of Twente, NL)
- Jeffrey Hunker (Point Park University - Pittsburgh, US)
- Erland Jonsson (Chalmers UT - Göteborg, SE)
- Volker Kozok (Bundesministerium der Verteidigung - Bonn, DE)
- Carl E. Landwehr (McLean, US)
- Gabriele Lenzini (University of Luxembourg, LU)
- Karl N. Levitt (University of California - Davis, US)
- George Magklaras (University of Plymouth, GB)
- Jan Meier (TU Hamburg-Harburg, DE)
- Jörg Meyer (Köln, DE)
- Vebjørn Moen (VMIT AS - Tau, NO)
- Andrew P. Moore (Carnegie Mellon University - Pittsburgh, US)
- Steven Murdoch (University of Cambridge, GB)
- Peter G. Neumann (SRI - Menlo Park, US)
- Richard Overill (King's College London, GB)
- Sachar Paulus (FH Brandenburg an der Havel, DE)
- Dusko Pavlovic (Royal Holloway University of London, GB)
- Sean Peisert (University of California - Davis, US)
- Wolter Pieters (TU Delft, NL)
- Joachim Posegga (Universität Passau, DE)
- Christian W. Probst (Technical University of Denmark - Lyngby, DK)
- Kai Rannenberg (Goethe-Universität Frankfurt am Main, DE)
- Peter Y. A. Ryan (University of Luxembourg, LU)
- René Rydhof Hansen (Aalborg University, DK)
- Martina Angela Sasse (University College London, GB)
- Marianthi Theoharidou (Athens University of Economics and Business, GR)
- Claire Vishik (Intel - London, GB)
- Alec Yasinsac (University of South Alabama, US)
- Lenore D. Zuck (University of Illinois - Chicago, US)
Classification
- Security
- Society
- Modelling
Keywords
- Insider Threat
- Security Policies
- Threat Modelling