A Structured Control Selection Methodology for Insider Threat Mitigation.

An insider is a person or software that possesses positive authorization to access the asset(s) of an enterprise. In recent years, security incidents perpetrated by enterprise insiders have increased considerably. Enterprises attempt to mitigate such threats by implementing controls intuitively, on an ad-hoc basis. However, such intuitive control implementation is both time-consuming, as well as prone to errors, leading to insecure enterprise systems. The paper attempts to address this issue by proposing a structured methodology for the selection of relevant security controls. The technique is to model insider threats and security controls, and match their constituent components against each other. The proposed methodology has been illustrated with suitable examples. [ABSTRACT FROM AUTHOR]