[KSCI] Korea Science Citation Index Service

A Study on Insider Behavior Scoring System to Prevent Data Leaks

Lim, Young-Hwan (Hyundai-Autoever, Seoul National University of Science&Technology)
Hong, Jun-Suk (Seoul National University of Science&Technology)
Kook, Kwang Ho (Seoul National University of Science&Technology)
Park, Won-Hyung (Far East University)

Publication Information

Convergence Security Journal / v.15, no.5, 2015 , pp. 77-86 More about this Journal

Abstract

The organization shall minimize business risks associated with customer information leaks. Enhance information security activities through voluntary pre-check and must find a way to detect the personal information leakage caused by carelessness and neglect accident. Recently, many companies have introduced an information leakage prevention solution. However, there is a possibility of internal data leakage by the internal user who has permission to access the data. By this thread it is necessary to have the environment to analyze the habit and activity of the internal user. In this study, we use the SFI analytical technique that applies RFM model to evaluate the insider activity levels were carried out case studies is applied to the actual business.

Keywords

Data Leaks; Internal Controls; Security Monitoring System; Insider Threats; Insider Activity; SFI Analysis; RFM Model;

Citations & Related Records

Times Cited By KSCI : 2 (Citation Analysis)

Reference
Cited By KSCI

1	National Cyber Security Center, "Monthly Cyber Security" , pp.2-12, 2007.
2	National Internet Development Agency of Korea, "Survey on the Internnet Usage" , pp 11, 2008. 11.
3	2011 Cyber Security Watch Survey, "CSO Magazin, U.S. Secret Service and Carnegie Mellon University&Deloitte", 2011
4	Chang, Hang-Bae, Song, Ji-Hoon," The Exploratory Study on the Evaluation of Security System for Industrial Technology Leakage Prevention", The Journal of Korea Association for Industry Security, Vol.1 No.1 2009.12
5	Jo-Ting Wei, Shih-Yen Lin, Hsin-Hung Wu, "A review of the application of RFM model", Journal of Business Management, Vol.4 No.19,.2010
6	Seung Pyo Huh , Dae Sung Lee , Kui Nam Kim , "A Study on The Leak of Core Business Technologies Using Preventative Security Methods Such as Clustering", Convergence security journal 2010.09
7	Yeonwoo Lee Hyun-mi Jang Seng-phil Hong , "Design plan personal information management model large to protect the personal information Big data environment" , Korea Internet Information Society national conference of the Papers, VOL 13 NO. 02 PP. 0029 -0030 (2012. 11)
8	Salvatore J. Stolfo, Steven M. Bellonvin, Angelos D. Keromytis, Sara Sinclair, Sean W. Smith, "Security Beyond the Hacker", Springer, 2008
9	Rebecca Bacel and Peter Mell, "Intrusion Detection Systems", NIST, 2003.
10	Carl Endorf, Eugene Schultz, Jim Mellander, "Intrusion Detection & Prevention", McGrawHill, 2004.
11	H. Debar, M. Dacie, and A. Wepsi, "A Revised Taxonomy for Intrusion- Detection Systems", IBM Report, 1999.
12	F.Apap, A. Honnig, S.Hershkop, E.Eskin, and S.Stolfo. Detecting malicious software by monitoring anomalous windows registry accesses. Proceedings of the Fitth International Symposium on Recent Advances in Intrusion Detection(RAID 2002), 2002.
13	Stelios Sidiroglou, John Ioannidis, Angelos D. Keromytis, and Salvatore J. Stolfo. An Email Worm Vaccine Architecture. Proceeding of the First Information Security Practice and Experience(ISPEC 2005), 2005.
14	Apap, F., Honkg, A., Hershkop, S., Eskin, E., Stolfo, S.J : Detecting Malicious Software by Monitoring Anomalous Windows Registry Accesses. In: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection(RAID). 2002.
15	D. J. Ha, Customer Relation Management based on Association rule and RFM Techniques, Journal of Korea University Graduated School, (2006)
16	Carsten Willems, Thorsten Holz, and Felix Freiling, : Toward Automated Dynamic Malware Analysis Using CWSandbox. IEEE Security & Privacy. 2007.
17	Jong-Ho Eom, The Quantitive Evaluation of a Level of Insider Activity using SFI Analysis Techniques, Journal of Security Engineering (2013), Vol.10 No.2
18	H. W. Shin, Methodology to analyze insider risk for the prevention of corporate data leakage, Journal of Korea University Graduated School, (2012)
19	J. H. Eom, S. H. Park, T. M. Chung, An Architecture of Access Control Model for Preventing Illegal Information Leakage by Insider, Journal of The Korea Institute of Information Security and Cryptology.(2010), Vol.20, No.5, pp.59-67.
20	H. J. Jang, The Insurance Method of Respond Ability on Insider Cyber Threat, 2012 ROKAF Information& Communications Development International Seminar, (2012)
21	Magklaras G.B, Furnell S.M., A preliminary model of end user sophistication for insider threat prediction in IT systems", Journal of Comput. Secur. (2004), Vol.24 No.5, pp.371-380.
22	Shari Lawrence Pfleeger, Hunker J., Bulford, C., Insiders Behaving Badly: Addressing Bad Actors and Their Actions, IEEE Transaction on information forensics and security. (2010), Vol.5, No.1, pp.169-179. DOI
23	Dawn Cappelli, Andrew Moore Randall Trzeciak, Timothy J. Shimeall, Common Sense Guide to Prevention and Detection of insider Threats, SEI Carnegie Mellon, (2009)
24	Jinho Yoo, Sangho Jie, Jongin Lim, Estimating Direct Costs of Enterprises by Personal Information Security Breaches, , Korea Institute of Information Security & Cryptology (2009.08)