Misuse detection

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 216.47.158.223 (talk) at 18:14, 3 February 2007 (Theory). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Misuse Detection actively works against potential insider threats to vulnerable company data.

Misuse

Insider misuse of technical systems is a growing problem in companies world-wide. In 1996, 62.9 percent of companies reported misuse of computer systems by insiders [1]. The concept of Misuse Detection is to track computer use within a company and prevent users from compromising critical company data.

Theory

Misuse Detection utilizes anomaly detection as a way to identify insider misuse of a system. A profile of acceptable or routine actions is created, which is then compared to future actions that the user performs. The profile is a set of data collected from monitoring a user for a period of time. During this calibration, it is assumed that the user is abiding by company policy. If the user is performing illegal or unethical activities during that period of time, the profile cannot be properly constructed. After a proper profile is constructed, various algorithms can be implemented to compare current user activity to the ethical activities reflected within the user profile.
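The following sketch is an added illustration, not part of the original article: it builds a per-user profile from a calibration period and scores later actions by how unusual they are, then shows how misuse during calibration hides the same action. The event format, the frequency-based score, the threshold of 3.0 bits and all sample events are assumptions constructed for the example; this is only one of the many comparison algorithms the text alludes to.

```python
import math
from collections import Counter

# Constructed audit events: (user, action, resource class). Not real data.
CALIBRATION = [
    ("alice", "read", "crm"), ("alice", "read", "crm"), ("alice", "write", "crm"),
    ("alice", "read", "wiki"), ("alice", "read", "crm"), ("alice", "write", "wiki"),
]
# Same calibration window, but the user was already misusing the system.
CONTAMINATED = CALIBRATION + [("alice", "export", "payroll")] * 3
LATER = [("alice", "read", "crm"), ("alice", "export", "payroll")]

def build_profile(events, user):
    """Count each (action, resource) pair observed for one user."""
    return Counter((a, r) for u, a, r in events if u == user)

def surprise(profile, action, resource):
    """Bits of surprise under an add-one-smoothed frequency model.

    Higher means the pair is less routine for this user. One extra
    bucket is reserved so never-seen pairs get a non-zero probability.
    """
    total = sum(profile.values())
    buckets = len(profile) + 1
    p = (profile[(action, resource)] + 1) / (total + buckets)
    return -math.log2(p)

def flag(profile, events, user, threshold=3.0):
    """Return the user's (action, resource) pairs that exceed the threshold."""
    return [(a, r) for u, a, r in events
            if u == user and surprise(profile, a, r) > threshold]

if __name__ == "__main__":
    clean = build_profile(CALIBRATION, "alice")
    dirty = build_profile(CONTAMINATED, "alice")
    for name, prof in (("clean", clean), ("contaminated", dirty)):
        for _, a, r in LATER:
            print(f"{name:13s} {a:6s} {r:8s} {surprise(prof, a, r):.2f} bits")
        print(f"{name:13s} flagged: {flag(prof, LATER, 'alice')}")
```

With the clean profile only the payroll export is flagged; with the contaminated profile nothing is, because the misuse has become part of the baseline.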

Notes

Further Reading

For more information on Misuse Detection, including papers written on the subject, consider the following: