FRAMEWORK FOR EFFECTIVENESS EVALUATION OF INSIDER THREAT PROTECTION

Year
1990
Author(s)
L. Harris, Jr. - Science Applications International Corporation
Abstract
A framework is presented for evaluating the combined effectiveness of security measures that prevent insider adversaries from attempting serious malevolent acts and that prevent such attempts from succeeding. The framework combines the conventional security effectiveness that is derived from vulnerability analyses with another security effectiveness that is based on effectiveness assessments of three mechanisms for preventing insider adversary attempts from being made. These mechanisms are 1) initial screening of applicants for sensitive positions, 2) continuing evaluation of employees in sensitive positions, and 3) deterrence of employees in sensitive positions due to their perception of the effectiveness of the security program. A key effectiveness parameter to be assessed for each mechanism is defined and discussed.