Researchers from Carnegie Mellon’s Software Engineering Institute have come together to create a layered approach for enterprises to deal with insider threats. The Insider Threat Security Reference Architecture (ITSRA) was born from existing best practices and data taken from 700 cases of insider related crime.
There are four layers to the ITSRA:
First there is business security architecture, which includes the creation of policies and procedures to determine the level of security that needs to be implemented with the other layers. This is followed by the information security architecture, which describes the organization’s underlying information infrastructure. The ISA is the layer that will focus on routers, switches, and servers, as well as the operating systems and other software required to manage the infrastructure.
The last two layers, data and application security architectures respectively, cover information assets (documents, databases, etc.) and the internal development of software and applications used to drive the organization’s identified goals.
“None of the layers function in isolation or independently of other layers. Rather, the correlation of indicators and application of controls across all four layers form the crux of this approach,” the research explains.
The Carnegie Mellon Software Engineering Institute works closely with defense and government organizations, industry, and academia with the goal of improving software-intensive systems.
The research is worth a read, and includes an example from the 700 cases where the ITSRA would have made a difference. The report can be found here.