Prerequisites for monitoring insider IT misuse
Although the problem of insider misuse of IT systems is frequently recognised in the results of computer security surveys, it is less widely accounted for in organisational security practices and available countermeasures. The countermeasures available today are oriented towards the prevention and detection of outsider attacks on the organisation’s IT systems and services. We argue, however, that it is possible to apply similar mechanisms and strategies to the monitoring of insider IT misuse. There are requirements that need to be satisfied before insider misuse monitoring can be put into practice, and it is recommended that a misfeasor monitoring system should include features for monitoring file access through arbitrary applications, file replication, partial data replication, file transfer, file deletion, user management, settings/configuration management, database access, and Internet access.
Phyo AH, Furnell SM, Phippen AD