5 research outputs found

    Positive and Negative Findings of the ISO/IEC 17799 Framework

    The ISO/IEC 17799 standard is commonly viewed as a necessary element in information security management. However, there is no empirical evidence of the usefulness of the standard in practice. To study this issue, this study analyses the implementation experiences of four organisations that have implemented the ISO/IEC 17799 standard. Through semi-structured interviews, the results of the study suggest that clients’ needs and competitive advantage are the major reasons for implementing the standard. Furthermore, the implementation of the standard has increased the understanding of information security in all personnel groups and the understanding of security has broadened from the technical aspects to corporate security. As downsides of implementing the ISO/IEC 17799 standard, the costs and increased amount of work were mentioned as the worst. In addition, the difficulties in deploying the standard, and the readability of the standard were criticised. The standard was also criticised because it does not directly affect the quality of the end product or service; it only has an indirect effect owing to the improved information security practices.

    Inclusive security: Digital security meets web science

    Insider Threat Detection using Profiling and Cyber-persona Identification

    Nowadays, insider threats represent a significant concern for government and business organizations alike. Over the last couple of years, the number of insider threat incidents increased by 47%, while the associated cost increased by 31%. In 2019, Desjardins, a Canadian bank, was a victim of a data breach caused by a malicious insider who exfiltrated confidential data of 4.2 million clients. During the same year, Capital One was also a victim of a data breach caused by an insider who stole the data of approximately 140 thousand credit cards. Thus, there is a pressing need for highly-effective and fully-automatic insider threat detection techniques to counter these rapidly increasing threats. Also, after detecting an insider threat security event, it is essential to get the full details on the entities causing it and to gain relevant insights into how to mitigate and prevent such events in the future. In this thesis, we propose an elaborated insider threat detection system leveraging user profiling and cyber-persona identification. We design and implement the system as a framework that employs a combination of supervised and unsupervised machine learning and deep learning techniques, which allow modelling the normal behaviour of the insiders passively by analyzing their network traffic. We can deploy the framework as part of online traffic monitoring solutions for insider profiling and cyber-persona identification as well as for detecting anomalous network behaviours. The different models employed are assessed using specific metrics such as Accuracy, F1 score, Recall and Precision. The conducted experimental evaluation indicates that the proposed framework is efficient, scalable, and suitable for near-real-time deployment scenarios.

    A study of insider threat behaviour: developing a holistic insider threat model

    This study investigates the factors that influence the insider threat behaviour. The research aims to develop a holistic view of insider threat behaviour and ways to manage it. This research adopts an Explanatory Mixed Methods approach for the research process. Firstly, the researcher collects the quantitative data and then the qualitative data. In the first phase, the holistic insider threat model is developed; in the second phase, best practices are developed to manage the threat.