Insider Threats
eBook - ePub

Insider Threats

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

Insider Threats

About this book

An information system may be regarded as an organized set of resources, both technological and human. Security should take this specificity into consideration in order to ensure an overall security of information systems. The security of information systems is usually tackled in a technological perspective. This book proposes to focus not only on information systems' security in a technological perspective, but also in a human, managerial and organizational perspective.

Trusted by 375,005 students

Access to over 1 million titles for a fair monthly price.

Study more efficiently using our study tools.

Information

Publisher
Wiley-ISTE
Year
2018
Print ISBN
9781848219724
eBook ISBN
9781119516491
Edition
1
Topic
Computer Science
Subtopic
Information Technology
Index
Computer Science

PART 1
Information Systems: Technologies and People

1
Components with Known Purposes: Technologies

In Greek mythology, when Theseus left to fight the Minotaur, his father Aegeus asked him to replace the black sail of his boat with a white one if he returned victorious. Just like components of an information system, Theseus and Aegeus were exchanging information through a clearly defined procedure. An information system is not a computer system. Organizations can see their information system supported by a computer system, but the information system cannot be reduced to a computer system. Individuals, the users of the computer system, are components of the information system: they also process, store and spread information, whether through the computer system or not. In this way, they themselves are also entry points likely to constitute the insider threats that this book addresses.
This chapter will discuss the technologies that have been used by human beings to support and secure information systems throughout history. From the decrease in transmission time to the massification of the quantities processed, the purposes of these technologies have evolved through the years and led to the explosion of a threat that is still part of every information system: the insider threat.
It is not our intention to focus on a history of the concept of information systems, but rather on a history of artifacts and technologies implemented by human beings to support and secure it. In fact, for authors such as Weizenbaum [WEI 84]: “the remaking of the world in the image of the computer started long before there were any electronic computers”. Thus, the reader will see how, over the years, these artifacts have pursued goals such as decreasing transmission time, decreasing processing time or the massification of quantities of information in an information system. Each time, these artifacts have revealed new threats to the information system’s security and the history that we offer in this chapter is intended to make the reader aware of the possibility of threats that do not come from the technological component of the information system. Indeed, since the beginning of time, the human component of the information system has constituted an insider threat, as this history will demonstrate.

1.1. Up to the end of the 19th Century: decreasing transmission time

In the second Century BC, the Greek Polybius developed a system for transmitting information over long distances in a few minutes where otherwise several hours of travel on horseback would have been necessary [LAU 77]. An operator showed or hid torches behind two walls in order to represent a letter of the alphabet (Figure 1.1). In fact, Polybius proposed dividing the alphabet into five groups of letters, with the result that only two “digits” were sufficient to represent the entire alphabet. Table 1.1 shows Polybius’ code: to represent an “A”, a torch was raised on the first wall and another on the second (first line and first column); to represent a “Ω”, five torches were raised on the first wall and four on the second (fifth line and fourth column).
img
Figure 1.1. Artifacts supporting an information system in the second Century BCE ([LAU 77], source: BibliothĂšque Nationale de France)
Table 1.1. Polybius’ code
1 2 3 4 5
1 A B Γ Δ Ε
2 Ζ Η Θ Ι Κ
3 Λ Μ Ν Ξ Ο
4 Π Υ Σ ΀ ΄
5 Ί Χ Κ Ω
Independently of any artifact, an individual, from the moment he/she exchanges information, places himself/herself in an information system in which he/she is a component. In this way, the author, while writing this book, is part of an information system and the reader, when he or she reads these words, is within an information system. Information systems are everywhere and very often it has been military motivations that have motivated humanity to perfect them, thus raising the question of the security of such systems.
Indeed, talking is a natural process for human beings who are able to comprehend the risks inherent in the security of the information that spreads when they talk. For example, a child knows that he/she risks being overheard. If we can imagine what dangers might threaten a messenger on horseback in Ancient Greece, it is also possible to see security breaches in Polybius’ information system: everyone has access to the information being transmitted. This awareness of security flaws is not natural for human beings insofar as the means of communication is not natural. The same thing is true when information systems within organizations are increasingly supported by digital artifacts.
From the moment it is supported by an artifact, an information system presents security flaws that we are not naturally aware of.
Although artifacts can give a false impression of security and lead to flaws that individuals must be made aware of, the fact remains that natural forms of communication can also lead to flaws that individuals must be made aware of.
Polybius perfected his system very quickly with the help of a password: one starts to fill in the square (Table 1.1) with the letters of this password and then completes it with the remaining letters of the alphabet. At the time, the message was indecipherable without the password. This kind of encryption with monoalphabetic substitution is easily decipherable today with an analysis of how frequently letters appear in a language. In French, for example, the letter “e” is the most frequently used.
There are documents attesting to the existence of systems comparable to Polybius’, although simpler, used by the ancient people of Europe and Asia. For example, the Roman army established telecommunication stations along Roman roads [LAU 77]. Trajan’s column in Rome provides a visual representation of these observation turrets equipped with torches (Figure 1.2). In China, the Great Wall was equipped with fires used to signal an attack. Brick cones full of wood and straw also served to create smoke to announce the arrival or retreat or enemy troops.
img
Figure 1.2. Artifacts supporting the Roman army’s information system in the first Century
In the Middle Ages, the Romans’ system fell into disuse in Europe while in Constantinople, signal lights remained in use for signaling Muslim incursions. Progress in physics in the 16th and 17th Centuries rekindled the idea of systems that could transmit information over distances at “great speed”. In France in 1705, the Royal Academy of Sciences wrote the following about the system of physicist and academician Guillaume Amontons:
“[Amontons’ system] consists of having several people in consecutive posts who, by means of telescopes, having seen certain signals from the previous post, transmit them to the following one, and so on, and these different signals are the letters in an alphabet whose code is known in Paris and in Rome. Most of the telescopes cover the distance between the posts, whose number must be as low as possible; and the same way the second post sends signals to the third as soon as they see the first post sending it, the news is sent from Paris to Rome in as little time as it took to send the signals in Paris”. [FON 05, p. 152]
The telegraph of the Chappe...

Table of contents

  1. Cover
  2. Table of Contents
  3. Title
  4. Copyright
  5. List of Figures
  6. List of Scenarios
  7. Preface
  8. Introduction
  9. PART 1: Information Systems: Technologies and People
  10. PART 2: The Insider Threat
  11. Conclusion
  12. Bibliography
  13. Index
  14. End User License Agreement

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Insider Threats by Pierre-Emmanuel Arduin in PDF and/or ePUB format, as well as other popular books in Computer Science & Information Technology. We have over one million books available in our catalogue for you to explore.