nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Pervasive Monitoring as an Insider Threat

An Adapted Model

verfasst von : Dana Polatin-Reuben

Erschienen in: Human Aspects of Information Security, Privacy, and Trust

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Revelations that the United States’ National Security Agency implemented a global surveillance programme with the help of its allies have drawn increased attention to pervasive monitoring activities in general. With the Internet Engineering Task Force characterising pervasive monitoring as an advanced persistent threat, the possibility of modelling pervasive monitoring as a threat activity has been raised. This paper proposes that pervasive monitoring can be considered an insider threat, with private or state actors using legitimate network functions and credentials to exfiltrate the data of governments, corporations, and end-users. The insider threat model put forth by Nurse et al. is examined and adapted with the help of pervasive monitoring case studies.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Factors that Influence Information Security Behavior: An Australian Web-Based Study

Nächstes Kapitel Identifying Blind Spots in IS Security Risk Management Processes Using Qualitative Model Analysis

Farrel, S., Tschofenig, H.: Pervasive Monitoring is an Attack, (RFC 7258) Internet Engineering Task Force, May 2014. https://tools.ietf.org/html/rfc7258 (2014). Accessed 18 Feb 2015

Hasan, R., Myagmar, S., Lee, A.J., Yurcik, W.: Toward a threat model for storage systems. In: Proceedings of the 2005 ACM Workshop on Storage Security and Survivability, pp. 94–102. ACM, New York (2005)

Johansson, J.M.: Network threat modeling. In: Proceedings of the Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises. IEEE, New York, 9–11 June 2003

Cappelli, D., Moore, A., Trzeciak, R.: The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Pearson Education Inc, New Jersey (2012)

Nurse, J.R.C., Buckley, O., Legg, P.A., Goldsmith, M., Creese, S., Wright, G.R.T., Whitty, M.: Understanding insider threat: a framework for characterising attacks. In: Workshop on Research for Insider Threat (WRIT), in Conjunction with the IEEE Symposium on Security and Privacy (SP). IEEE, New York, 18 May 2014

Marcus, B., Schuler, H.: Antecedents of counterproductive behavior at work: a general perspective. J. Appl. Psychol. 89(4), 647–660 (2004)CrossRef

Wiggins, J.S.: The Five Factor Model of Personality: Theoretical Perspectives. Guildford Press, New York (1996)MATH

Paulhus, D.L., Williams, K.M.: The dark triad of personality: Narcissism, Machiavellianism, and psychopathy. J. Res. Pers. 36(6), 556–563 (2002)CrossRef

Schneier, B.: Attack trees. Dr. Dobbs J. 24(12), 21–29 (1999)

10.

Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues Inf. Warfare Secur. Res. 1(1), 80 (2011)

11.

ARMA International: Generally Accepted Recordkeeping Principles®. http://www.arma.org/docs/sharepoint-roadshow/the-principles_executive-summaries_final.doc (2012). Accessed 18 Feb 2015

12.

The World Bank: Worldwide Governance Indicators. http://data.worldbank.org/data-catalog/worldwide-governance-indicators (2014). Accessed 18 Feb 2015

13.

Ball, J., Borger, J., Greenwald, G.: Revealed: How US and UK Spy Agencies Defeat Internet Privacy and Security, The Guardian. http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security (2013). Accessed 18 Feb 2015

14.

Risen, J., Lichtblau, E.: Bush Lets U.S. Spy on Callers Without Courts, The New York Times, 16 December 2005. http://www.nytimes.com/2005/12/16/politics/16program.html?pagewanted=all&_r=0 (2005). Accessed 18 Feb 2015

15.

Cauley, L.: NSA has Massive Database of Americans’ Phone Calls, USA Today, 11 May 2006. http://usatoday30.usatoday.com/news/washington/2006-05-10-nsa_x.htm (2006). Accessed 18 Feb 2015

16.

National Security Agency/Central Security Service: Transition 2001, December 2000. https://www.eff.org/document/nsa-transition-2001 (2000). Accessed 18 Feb 2015

17.

Greenwald, G., MacAskill, E.: NSA Prism Program Taps in to User Data of Apple, Google and Others, The Guardian, 7 June 2013. http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data (2013). Accessed 18 Feb 2015

18.

MacAskill, E., Borger, J., Hopkins, N., Davies, N., Ball, J.: GCHQ Taps Fibre-Optic Cables for Secret Access to World’s Communications, The Guardian, 21 June 2013. http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa (2013). Accessed 18 Feb 2015

19.

Rosenblatt, J.: Google Fights E-Mail Privacy Group Suit it Calls Too Big, Bloomberg Business, 28 February 2014. http://www.bloomberg.com/news/articles/2014-02-27/google-fights-e-mail-privacy-group-suit-it-calls-too-big (2014). Accessed 18 Feb 2015

20.

Google Inc.: Google Terms of Service (archive), 14 April 2014. http://www.google.com/intl/en/policies/terms/archive/20131111-20140414/ (2014). Accessed 18 Feb 2015

21.

Devereaux, R., Greenwald, G., Poitras, L.: Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas, The Intercept, 19 May 2014. https://firstlook.org/theintercept/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/ (2014). Accessed 18 Feb 2015

22.

Assange, J.: WikiLeaks Statement on the Mass Recording of Afghan Telephone Calls by the NSA, WikiLeaks, 23 May 2014. https://wikileaks.org/WikiLeaks-statement-on-the-mass.html (2014). Accessed 18 Feb 2015

23.

Soldatov, A., Borogan, I.: Russia’s Surveillance State, World Policy Journal, Fall 2013. http://www.worldpolicy.org/journal/fall2013/Russia-surveillance (2013). Accessed 18 Feb 2015

24.

Walton, G.: China’s Golden Shield: Corporations and the Development of Surveillance Technology in the People’s Republic of China. International Centre for Human Rights and Democratic Development, Montreal (2001)

Titel: Pervasive Monitoring as an Insider Threat
verfasst von: Dana Polatin-Reuben
Verlag: Springer International Publishing
Buch: Human Aspects of Information Security, Privacy, and Trust
Print ISBN: 978-3-319-20375-1

Electronic ISBN: 978-3-319-20376-8

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-20376-8_22

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"