A SYSTEMS-BASED APPROACH TO INSIDER SECURITY

Year
2009
Author(s)
David Duggan - Sandia National Laboratories
Felicia A. Durán - Sandia National Laboratories
Patrick Hester - Old Dominion University
Abstract
Malicious insiders represent the most capable of potential security threats to any organization. This threat ranges from petty theft and fraud to espionage and terrorism. Organizational and societal costs are immense, up to and including national security breaches. Insider attacks continue to be discovered, indicating that many current protection strategies can be defeated. Many organizations and agencies have a keen interest in this problem, as well as a need to demonstrate effective insider security simultaneously with operational efficiency. Previous efforts have focused on characterizing the insider threat, including motives and traits of insiders; analysis of reported insider incidents; and advanced detection strategies. Current protection strategies are expensive, intrusive, not systematically implemented, and operate independently. Individual protection approaches demonstrate varying levels of effectiveness, but there is no understanding of integrated protections or of overall effective insider security for a given facility. This paper discusses research to support the development of a systems-based approach for insider security. In taking a systems-based approach, this effort seeks to view the problem as more than detection, and instead to comprehensively consider all operational activities. The entire organization is viewed as a system that includes components that not only provide protection against the insider threat, but also influence the insider’s characteristics, motives and capabilities. Key components of the system include protections provided by traditional physical protection and cyber security systems. From a systems standpoint, the employee population is also a key component of the system. This paper reviews the insider threat and existing measures used to address it, and provides an overview of basic systems engineering methods and an initial description of the development of a more fully functional systems-based approach for insider security.
Ultimately, the objective of this work is to develop a systems-based process with principles, methods, tools, and practices for designing, evaluating and operating security systems that are resistant to insider threats.