Abstract
The chapter provides an overview of contemporary innovative methods for detecting internal threats to the information security of critical infrastructure objects, mitigating these threats, and preventing the leakage of sensitive information. Internal threats are unpredictable and pose a major challenge to traditional IT security measures. Specific emphasis is placed on the insider threat problem arising from: careless behaviour of insiders, vendors and contractors, cybersecurity policies, e-identity theft, and malicious users. Methods for detecting and protecting against internal threats encompass user behaviour analysis, consumer behaviour analysis, risk assessment and profiling, analysis of information flow within the organisation, and definition of sensitive information. Some useful methods for protecting sensitive data through a holistic approach that covers data both inside and outside the organisation are also presented. Finally, consumer activity monitoring systems and Data Leak Prevention (DLP) data leakage monitoring systems are discussed in the context of practical handling of internal threats.
Acknowledgements
The research is partially supported by the KoMEIN Project (Conceptual Modeling and Simulation of Internet of Things Ecosystems) funded by the Bulgarian National Science Foundation, Competition for Financial Support of Fundamental Research (2016) under the thematic priority: Mathematical Sciences and Informatics, contract № DN02/1/13.12.2016. Additional gratitude is also given to the National Scientific Program “Information and Communication Technologies for a Single Digital Market in Science, Education and Security (ICTinSES) 2018–2020”, financed by the Ministry of Education and Science, Republic of Bulgaria.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Gaidarski, I., Minchev, Z. (2021). Insider Threats to IT Security of Critical Infrastructures. In: Tagarev, T., Atanassov, K.T., Kharchenko, V., Kacprzyk, J. (eds) Digital Transformation, Cyber Security and Resilience of Modern Societies. Studies in Big Data, vol 84. Springer, Cham. https://doi.org/10.1007/978-3-030-65722-2_24
DOI: https://doi.org/10.1007/978-3-030-65722-2_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65721-5
Online ISBN: 978-3-030-65722-2
eBook Packages: Intelligent Technologies and Robotics (R0)