Insider threats that occur within organizations cause more serious damage than external threats. However, there are many factors that are difficult to determine, such as the definition, classification, and severity of security breaches; hence, it is necessary to analyze system logs and user behavior-based scenarios within organizations. The reality is that qualitative judgment criteria are different for everyone to apply, and there is no detailed verification procedure to compare them objectively. In this study, realistic insider threats were examined through the definition, classification, and correlation/association analysis of various human–machine logs of acts associated with security breaches that occur in an organization. In addition, a quantitative process and decision-making tool were developed for insider threats by establishing various internal information leakage scenarios. As a result, insider threats were assessed quantitatively and a decision-making process was completed that enabled case analysis based on several insider threat scenarios. This study will enable precise modeling of insider threats that occur in real organizations and will support an objective process and a decision-making system to establish a range of required information for security protection measures.
This is an open access article distributed under the Creative Commons Attribution License
which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited