terça-feira, 30 de janeiro de 2007

Analisando o Insider Threat

Segue uma coletânea de artigos sobre as ameaças internas. Cortesia do
Anderson Ramos:

BALOYI, N. T. Misuse Intrusion Architecture: Prevent, Detect, Monitor
and Recover Employee Fraud.
In: ISSA 2005 New Knowledge Today Conference, 2005, Sandton, África do
Sul. Peer-Reviewed Proceedings, Pretoria: ISSA, 2005.
Disponível em http://icsa.cs.up.ac.za/issa/2005/Proceedings/Poster/079_Article.pdf>.

COMBS, B. K. The Pseudo-Internal Intruder: A New Access Oriented
Intruder Category. 1999. 89 f.
Dissertação (Mestrado em Ciência da Computação) - The Faculty of the
School of Engineering and Applied Science, University of Virginia,
Charlottesville, 1999.

KEENEY, M. et al. Insider Threat Study: Computer System Sabotage in
Critical Infrastructure Sectors.
Carnegie Mellon Software Engineering Institute, 2005.
Disponível em: <http://www.cert.org/archive/pdf/insidercross051105.pdf>.

LIU, A. et al. A Comparison of System Call Feature Representations for
Insider Threat Detection.
In: IEEE Systems, Man and Cybernetics (SMC) Information Assurance
Workshop, 2005. Proceedings…, West Point: IEEE, 2005. p.340-347.

MATZNER, S.; HETHERINGTON, T. Detecting Early Indications of a
Malicious Insider. IANewsletter, Falls Church, v.7, n.2, p.42-45,

MAYBURY, M. et al. Analysis and Detection of Malicious Insiders. In:
Disponível em http://analysis.mitre.org/proceedings/Final_Papers_Files/280_Camera_Ready_Paper.pdf

PHYO, A. H.; FURNELL, S. M. A Detection-Oriented Classification of
Insider IT Misuse. In: Proceedings of the 3rd Security Conference, Las
Vegas, EUA, p.14-15, abr. 2004.

RANDAZZO, M. et al. Insider Threat Study: Illicit Cyber Activity in
the Banking and Finance Sector.
Carnegie Mellon Software Engineering Institute, 2004. Disponível em:

SCHULTZ, E. E. A framework for understanding and predicting insider
attacks. Computers and Security, New York, v.21 n.6, p.526-531, out.

SHAW, E. D.; RUBY, K. G.; POST, J. M. The Insider Threat To
Information Systems. Security Awareness Bulletin No. 2-98.
Department of Defense Security Institute, [S.l], 1998.

Nenhum comentário: