Insight into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures
Insider threats are among today's most challenging cybersecurity issues, and they are not well addressed by commonly employed security solutions. Despite several scientific works published in this domain, we argue that the field can benefit from the proposed structural taxonomy and a novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and of the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research while leveraging the existing grounded theory method for a rigorous literature review. The proposed categorization depicts the workflow among particular categories that include: 1) incidents and datasets, 2) analysis of attackers, 3) simulations, and 4) defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents, which is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers' efforts in the domain of insider threat because it provides: a) a novel structural taxonomy that contributes to the orthogonal classification of incidents and to defining the scope of the defense solutions employed against them, b) an updated overview of publicly available datasets that can be used to test new detection solutions against other works, c) references to existing case studies and frameworks modeling insiders' behaviors for the purpose of reviewing defense solutions or extending their coverage, and d) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.