Combating inside threats using behaviour based access control

abstract

  • Insider threat poses a great risk to financial institutions due to the mere fact that insiders have privileged, authenticated access to corporate and customer data. Insiders are trusted persons: they have legitimate access, they have knowledge and skills of the systems and their loopholes, and they operate inside the security perimeter. This level of access makes detection and prevention of malicious activities by insiders extremely difficult. The financial services sector is especially affected by insider threat, as indicated by the large number of frauds perpetrated by its own employees. Regulatory requirements also oblige players in this industry to adequately protect customer information by ensuring that it is accessed on a need-to-know basis. The problem, therefore, becomes how to separate suspicious behaviour from legitimate behaviour. Most mechanisms currently employed are after-the-fact approaches that come too late to mitigate the damage. Access control mechanisms in use provide a general allocation of rights to individuals, giving them more access than they really require. This thesis conducts descriptive research on the insider threat amongst players in the financial services sector. It looks at the understanding of security practitioners in the industry of insider threats and the mitigation strategies currently in use. User behaviours that can be considered in making access control decisions are then identified and applied in developing an access control framework. The framework utilizes a more fine-grained approach to access control, making access control decisions in real time and hence reducing the blanket access rights that allow users to access data they do not necessarily need. This granularity promotes a more dynamic form of access control and ensures that decisions to grant access to particular objects are evaluated at run time using a number of well-defined rules that apply to the user's behaviour. Data used to evaluate the framework shows that a more fine-grained approach to access control is successful in better mitigating the insider threat.