1. Field
This disclosure is generally related to organizational security. More specifically, this disclosure is related to a method and system for detecting malicious acts of insiders in an organization.
2. Related Art
There is a longstanding problem of threats from insiders within government and large organizations, where respected employees become malicious. Malicious insiders are people with access to confidential information who give away such information and cause irreparable damage. Often, these acts are committed not by a single person but by a group of colluding insiders. These groups may contain actively malicious insiders as well as ignorant individuals who serve as support. Identifying these individuals is a critical yet challenging task.
Currently, most organizations rely on practices such as background checks, access control lists, user policies and audits to thwart insider attacks. Many current practices also rely heavily on human analysts to do the background checks and to identify connections between people. Unfortunately, such practices are inefficient, labor-intensive, and may be unreliable.