How Much is Risk Increased by Sharing Credential in Group?
Lecture Notes in Computer Science(2017)
摘要
Insider threats are one of the biggest issues in information management. In practice, the hardest challenge is protecting information assets from malicious insiders. There have been many studies to clarify the factors influencing insiders to perform malicious activities. However, a user study based on a questionnaire cannot be expected to reveal the honest opinions of potential malicious insiders who may give false answers to such studies. In addition, it is hard to observe the comprehensive searches of malicious activities in insider incidents, because available data about incidents are limited. To overcome the difficulties in studying malicious activities in insider threats, we propose a new approach employing epidemiological methodologies with (1) risk amplification, and (2) a logistic model for malicious insiders. We employed a total of 200 subjects from crowd-sourcing services and observed every step that they employed to perform a given task in an environment motivating them to malicious activities (risk amplification). We applied a logistic regression to identify the odds ratio of in favor of malicious activity among those exposed to a factor divided by the odds when not exposed to it. Our experiment shows that a credential shared in group increases the risk of malicious insiders by 3.28 with statistical significance (p < 0.1).
更多查看译文
关键词
credential,risk,group,sharing
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要