Title: A new taxonomy of insider threats: an initial step in understanding authorised attack

Authors: Mohammed Nasser Al-Mhiqani; Rabiah Ahmad; Zaheera Zainal Abidin; Warusia Mohamed Yassin; Aslinda Hassan; Ameera Natasha Mohammad; Nathan L. Clarke

Addresses: Information Security and Networking Research Group (InFORSNET), Center for Advanced Computing Technology, Faculty of Information Communication Technology, Universiti Teknikal Malaysia Melaka, Melaka, Malaysia; Information Security and Networking Research Group (InFORSNET), Center for Advanced Computing Technology, Faculty of Information Communication Technology, Universiti Teknikal Malaysia Melaka, Melaka, Malaysia; Information Security and Networking Research Group (InFORSNET), Center for Advanced Computing Technology, Faculty of Information Communication Technology, Universiti Teknikal Malaysia Melaka, Melaka, Malaysia; Information Security and Networking Research Group (InFORSNET), Center for Advanced Computing Technology, Faculty of Information Communication Technology, Universiti Teknikal Malaysia Melaka, Melaka, Malaysia; Information Security and Networking Research Group (InFORSNET), Center for Advanced Computing Technology, Faculty of Information Communication Technology, Universiti Teknikal Malaysia Melaka, Melaka, Malaysia; Information Security and Networking Research Group (InFORSNET), Center for Advanced Computing Technology, Faculty of Information Communication Technology, Universiti Teknikal Malaysia Melaka, Melaka, Malaysia; Centre for Security, Communications and Network Research, Plymouth University, Plymouth, England

Abstract: Insider threat represents one of the greatest challenges in the cyber security world. Insider attackers have more privileged and legitimate access to information and facilities than outsider attackers. In fact, an insider attacker has greater access and a higher potential to cause huge damage to the organisation. However, the behaviour of the insider attacker raises many questions to ponder before a new taxonomy is created. Therefore, the main objective of this paper is two-fold: a) to classify the insider threat for better understanding; b) to propose a new taxonomy for insider threat with terminologies. To achieve this objective, the process starts with collecting and classifying the evidence. Then, this study presents a hybrid insider threat classification based on combining insider threat access, motivation, indicator, types and actions, profile categorisation, methods, and detection techniques. With the insights afforded by looking more closely at conceptual understanding, we describe how classification of insider threat may effectively be used in insider threat detection.

Keywords: insider threat; insider threat detection; security; classification.

DOI: 10.1504/IJISAM.2018.094777

International Journal of Information Systems and Management, 2018 Vol.1 No.4, pp.343 - 359

Received: 05 May 2018
Accepted: 11 May 2018

Published online: 10 Sep 2018
