Publication details

Home Publications Publication details

Prerequisites for monitoring insider IT misuse
Phyo AH, Furnell SM, Phippen AD
Proceedings of the Third Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2007), Plymouth, UK, ISBN: 978-1-8410-2173-7, pp41-52, 2007
Can be ordered on-line.
Download links:  Download PDF

Although the problem of insider misuse of IT systems is frequently recognised in the results of computer security surveys, it is less widely accounted for in organisational security practices and available countermeasures. The countermeasures available today are oriented towards the prevention and detection of outsider attacks on the organisation’s IT systems and services. However, we argue that it is possible to apply similar mechanisms and strategies towards monitoring of insider IT misuse. However, there are requirements that need to be satisfied before insider misuse monitoring can be put in to practice and it is recommended that a misfeasor monitoring system should include features for monitoring file access through arbitrary applications, file replication, partial data replication, file transfer, file deletion, user management, settings/configuration management, database access, and Internet access.

Phyo AH, Furnell SM, Phippen AD