Guest Editorial: Addressing Insider Threats and Information Leakage
Insider threats are one of the problems of organizational security that are most difficult to handle. It is often unclear whether or not an actor is an insider, or what we actually mean by “insider”. It also is often impossible to determine whether an insider action is permissible, or whether it constitutes an insider attack. From a technical standpoint, the biggest concern is the discrimination between legal insider actions representing a threat, and legal insider actions representing normal work. This is where many of the standard techniques fail, since they require a clear separation between insiders and outsiders, between “good” employees and attackers. A successful defense against insider threats must therefore not only consider technical approaches, it must also integrate sociological and socio-technical approaches to help identifying insider threats. This special issue collects a series of papers that discuss different aspects of insider threats and information leakage, one of the main concerns with insider attacks. The focus of the selected articles is on technical approaches to prevent or detect insider attacks, and on techniques for modeling and subsequently identifying insiders.