By Topic

From Insider Threats to Business Processes that are Secure-by-Design

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Dieter Gollmann ; Hamburg Univ. of Technol., Hamburg, Germany

Summary form only given. The observations that security is not an add-on feature and that insiders pose a considerable security threat have both been familiar in the security community for a long time. Attempts to deal with insider threats are not new either. Relevant techniques such as separation of duties are part of the standard toolset of security practitioners. However, it may well be true that in the past most countermeasures against insider threats belonged to the social and not to the technical domain. With increasing automation and IT support for business processes this approach is reaching its limits, as are approaches that just add-on IT security to business processes. This talk will argue that defending against insider threats is in fact just one aspect of designing secure organisational (business) processes, and that one has to start at the design of the processes within an organization to make progress in dealing with insider threat.

Published in:

Intelligent Networking and Collaborative Systems (INCoS), 2011 Third International Conference on

Date of Conference:

Nov. 30 2011-Dec. 2 2011