Publications
Building a system for insider security
Current protection strategies against insider adversaries are expensive, intrusive, not systematically implemented, and operate independently; too often, these strategies are defeated. The authors discuss the development of methods for a systems-based approach to insider security. To investigate insider evolution within an organization, they use system dynamics to develop a preliminary model of the employee life cycle that defines and analyzes the employee population's interactions with insider security protection strategies. The authors exercised the model for an example scenario that focused on human resources and personnel security activitiesspecifically, prehiring screening and security clearance processes. The model provides a framework for understanding important interactions, interdependencies, and gaps in insider protection strategies. This work provides the basis for developing an integrated systems-based process for buildingthat is, designing, evaluating, and operatinga system for effective insider security. © 2009 IEEE.