The insider threat has been framed as protection of the network from insiders whose threat level may be unknown to the organization. In this paper, we propose a Budget-Based Access Control Model to mitigate the insider threat. We provide an order of magnitude price for every access right and assign each individual user a risk budget. The price for access is then personalized based on the observed historical behavior of the user. The risk budget represents the amount of risks an organiza-tion can tolerate from that employee. Each access right of a user may cost him certain risk points. The incentives come in the forms of punishments and rewards. The punishments are triggered by the risk budget exhaustion. On the other hand, those whose risk ...
In traditional multi-level security systems, trust and risk values are pre-computed. Any change in t...
Context-based access control is an emerging approach for modeling adaptive solution, making access c...
The increasing need to share information in dynamic environments has created a requirement for risk-...
Insider Attacks are one of the most dangerous threats organizations face today. An insider attack oc...
Abstract—Over the years, role based access control (RBAC) has remained a dominant form of access con...
AbstractThe most dangerous threats faced by organizations are insider attacks. Since insiders are aw...
Recent surveys indicate that the financial impact and operating losses due to insider intrusions are...
Submitted in partial fulfillment of the requirements for the Degree of Master of Science in Informa...
Insider Attacks are one of the most dangerous threats organizations face today. An insider attack oc...
Insider Attacks are one of the most dangerous threats or-\ud ganizations face today. An insider atta...
The increasing need to share information in dynamic environments has created a requirement for risk-...
Abstract As insider threats pose very significant security risks to IT systems, we ask what policy-b...
This paper is aimed at discussing on how the so called privileged users place the important data at ...
An insider is a person that has or had a legitimate right to access computing resources of an organi...
We describe a framework for risk assessment specifically within the context of risk-based access con...
In traditional multi-level security systems, trust and risk values are pre-computed. Any change in t...
Context-based access control is an emerging approach for modeling adaptive solution, making access c...
The increasing need to share information in dynamic environments has created a requirement for risk-...
Insider Attacks are one of the most dangerous threats organizations face today. An insider attack oc...
Abstract—Over the years, role based access control (RBAC) has remained a dominant form of access con...
AbstractThe most dangerous threats faced by organizations are insider attacks. Since insiders are aw...
Recent surveys indicate that the financial impact and operating losses due to insider intrusions are...
Submitted in partial fulfillment of the requirements for the Degree of Master of Science in Informa...
Insider Attacks are one of the most dangerous threats organizations face today. An insider attack oc...
Insider Attacks are one of the most dangerous threats or-\ud ganizations face today. An insider atta...
The increasing need to share information in dynamic environments has created a requirement for risk-...
Abstract As insider threats pose very significant security risks to IT systems, we ask what policy-b...
This paper is aimed at discussing on how the so called privileged users place the important data at ...
An insider is a person that has or had a legitimate right to access computing resources of an organi...
We describe a framework for risk assessment specifically within the context of risk-based access con...
In traditional multi-level security systems, trust and risk values are pre-computed. Any change in t...
Context-based access control is an emerging approach for modeling adaptive solution, making access c...
The increasing need to share information in dynamic environments has created a requirement for risk-...