Year
2008
Abstract
An insider is more dangerous than an outsider since he or she may have vital information about the facility they work at in terms of security. There are many factors that should be considered when evaluating the possibility of an insider attack. They can be classified in three categories depending on their characteristics and attributes: categories regarding administration and the facility, human-resources management and the effectiveness of security systems. We draw parameters from each category, which are comprised of two to four parameters. The total number of employees, the percentage of employees who can assess critical areas, and the attractiveness of a facility are parameters used to categorize the characteristics of a facility. For human-resources management, four parameters including the frequency of background checks on employees were selected. The security system’s effectiveness is divided into two parts: MC&A (Material Control and Accountancy) and the physical protection system. The detailed items suggested in this study can be used as components for evaluating a facility’s vulnerability against an insider attack. Key words: Insider, Quantitative method, Security system effectiveness, Modeling