Accession Number : ADA592416


Title :   Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase 1


Descriptive Note : Technical note


Corporate Author : CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST


Personal Author(s) : Porter, Greg


Full Text : http://www.dtic.mil/dtic/tr/fulltext/u2/a592416.pdf


Report Date : Nov 2013


Pagination or Media Count : 29


Abstract : In early 2013, researchers in the CERT (registered trademark) Insider Threat Center contacted commercial and government cloud service providers (CSPs) about participating in research to gain a preliminary understanding of implemented administrative and technical controls that they are using to identify and manage the threats posed by insiders. These CSP participants provided frank and meaningful insight about their insider threat management programs and enterprise security practices. This report contains the observations obtained from interviewing the CSP personnel who volunteered to participate as well as an analysis of CSP management of insider threats based on the information obtained in interviews, observations of implemented insider threat controls, and risk considerations.


Descriptors :   *CLOUD COMPUTING , *COMPUTER ACCESS CONTROL , *COMPUTER NETWORK SECURITY , *INFORMATION SECURITY , *MANAGEMENT PLANNING AND CONTROL , *RISK MANAGEMENT , *THREATS , AUDITING , CRYPTOGRAPHY , MONITORING , OBSERVATION , POLICIES , RISK ANALYSIS , STANDARDS , SURVEYS , TRAINING


Subject Categories : Information Science
      Computer Systems
      Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE