scholarly journals Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat

2014 ◽  
Author(s):  
Oliver Buckley ◽  
Jason R.C. Nurse ◽  
Philip A. Legg ◽  
Michael Goldsmith ◽  
Sadie Creese
Keyword(s):  
Security Policy ◽  
Insider Threat ◽  
Enterprise Security

Employee Surveillance Based on Free Text Detection of Keystroke Dynamics

2009 ◽  
pp. 47-63 ◽  
Author(s):  
Ahmed Awad E. Ahmed
Keyword(s):  
Security Policy ◽  
Traditional Approach ◽  
Employee Performance ◽  
Text Detection ◽  
User Profiling ◽  
Insider Threat ◽  
Free Text ◽  
Keystroke Dynamics ◽  
Governmental Organizations ◽  
Monitoring Tools

In recent years, many studies have highlighted the unprecedented growth in security threats from multiple and varied sources faced by corporate, as well as governmental organizations. People inside the organization with ready access to confidential or proprietary data can easily violate the organization security policy, maliciously or inadvertently, without being caught. In order to protect their reputation and valuable assets, many organizations take the dramatic but necessary step of deploying and operating employee surveillance and monitoring tools within their network perimeters. In this chapter, we discuss employee surveillance schemes from both technological and legal perspectives. We argue that keystroke dynamics could be used to fight effectively against insider threat, and as such it could play an important role in employee surveillance. We present a keystroke recognition scheme based on free text detection that goes beyond the traditional approach of using keystroke dynamics for authentication or employee performance evaluation, and consider using such information for dynamic user profiling. The generated profiles can be used to identify reliably perpetrators in the event of security breach. Such form of user profiling provides a very effective way of combating insider threat that is less intrusive to individual privacy.

IT Governance and Enterprise Security Policy

2007 ◽  
pp. 123-150
Author(s):  
Brian T. Contos ◽  
William P. Crowell ◽  
Colby DeRodeff ◽  
Dan Dunkel ◽  
Eric Cole ◽  
...  
Keyword(s):  
Security Policy ◽  
It Governance ◽  
Enterprise Security

Network Security Policy Automation

2022 ◽  
pp. 83-112
Author(s):  
Myo Zarny ◽  
Meng Xu ◽  
Yi Sun
Keyword(s):  
Artificial Intelligence ◽  
Machine Learning ◽  
Big Data ◽  
Network Security ◽  
Security Policy ◽  
Learning Technologies ◽  
Use Cases ◽  
Hybrid Cloud ◽  
Cloud Environments ◽  
Enterprise Security

Network security policy automation enables enterprise security teams to keep pace with increasingly dynamic changes in on-premises and public/hybrid cloud environments. This chapter discusses the most common use cases for policy automation in the enterprise, and new automation methodologies to address them by taking the reader step-by-step through sample use cases. It also looks into how emerging automation solutions are using big data, artificial intelligence, and machine learning technologies to further accelerate network security policy automation and improve application and network security in the process.

Employing Dynamic Models to Enhance Corporate IT Security Policy

2012 ◽  
Vol 4 (2) ◽  
pp. 42-59
Author(s):  
Nathan A. Minami
Keyword(s):  
Security Policy ◽  
Dynamic Models ◽  
Insider Threat ◽  
Dynamics Modeling ◽  
Patriot Act ◽  
Individual Agent ◽  
Agent Behavior ◽  
System A ◽  
The Government ◽  
Government Surveillance

Since 9/11 and the creation of the U.S. Patriot Act, the intrusion of government surveillance into the lives of ordinary Americans has become a topic of great concern to many citizens. While many Americans view surveillance as a necessity in the name of national security, the government is not the only organization conducting surveillance. As technological capacity increases, an increasing number of employers are implementing technologies that allow them to maintain vigilance over the actions of their employees in the workplace. Despite many attempts to implement surveillance technologies, there is little evidence that companies are any safer now than they were ten years ago. This paper demonstrates how System Dynamics modeling can be utilized to help model the insider threat as a system. It provides analysis of the non-linear affect of decision making, assessing the 2nd, 3rd, and 4th order impacts of decisions, and demonstrates the important impact of delays in the system. A mathematical model is presented and simulations are conducted to determine the likely affect of company decisions and individual agent behavior.

Security Policy of Data in Enterprise Data Trusteeship Database

2011 ◽  
Vol 187 ◽  
pp. 358-361
Author(s):  
Hua Jiang ◽  
Jing Wen
Keyword(s):  
Data Storage ◽  
Data Security ◽  
Security Policy ◽  
Maintenance Cost ◽  
Medium Size ◽  
Two Phase ◽  
Security Problem ◽  
Service Data ◽  
And Coping ◽  
Enterprise Security

As the low maintenance cost of data trusteeship, more and more medium-size and small size enterprises choose data trusteeship service. Data is valuable fortune of enterprise, security of enterprise data must be guaranteed in the condition of together using a same host. Data security includes data transmission security, data storage security and confidentiality security. The paper discusses the security problem and coping strategy of database data in a data trusteeship environment. Two-phase sub-keys encryption algorithm is used to encrypt the data and also analysis its usability and security. The realized method is further presented. The algorithm solves the data security problem of database in a data trusteeship environment effectively and further enhances the security of database data.

scholarly journals From keyboard to cloud-base network revamped data lifecycle cybersecurity

2021 ◽  
Vol 11 (3) ◽  
pp. 226-233
Author(s):  
Amadi Chukwuemeka Augustine ◽  
Juliet Nnenna Odii ◽  
Stanley A Okolie
Keyword(s):  
Security Policy ◽  
Business Processes ◽  
Good Practice ◽  
Building Blocks ◽  
Cloud Base ◽  
Data Life Cycle ◽  
Acceptable Use Policy ◽  
Security Infrastructure ◽  
Enterprise Security ◽  
Functional Components

This paper review seeks to identify the need for a revamped data life cycle security in the era of pervasive threat from skill cyber criminals at this time of internet of things. The motivation is to fill the knowledge gap by presenting some of the ways of data leakages and the likely protection in the organization. The aim is to present a good practice that encourages data confidentiality, acceptable use policy, knowledge of personnel and physical security policy. The building blocks of information security infrastructure across the entire organization is implemented by Enterprise Security Architecture. Rather than focus on individual functional and non-functional components in an individual application, it focuses on a strategic design for a set of security services that can be leveraged by multiple applications, systems, or business processes.

Network Security Policy Automation

2018 ◽  
pp. 232-261
Author(s):  
Myo Zarny ◽  
Meng Xu ◽  
Yi Sun
Keyword(s):  
Artificial Intelligence ◽  
Machine Learning ◽  
Big Data ◽  
Network Security ◽  
Security Policy ◽  
Learning Technologies ◽  
Use Cases ◽  
Hybrid Cloud ◽  
Cloud Environments ◽  
Enterprise Security

Network security policy automation enables enterprise security teams to keep pace with increasingly dynamic changes in on-premises and public/hybrid cloud environments. This chapter discusses the most common use cases for policy automation in the enterprise, and new automation methodologies to address them by taking the reader step-by-step through sample use cases. It also looks into how emerging automation solutions are using big data, artificial intelligence, and machine learning technologies to further accelerate network security policy automation and improve application and network security in the process.

Sign in / Sign up

Export Citation Format

Share Document