TY - CONF JO - Technologies for Homeland Security, 2009. HST '09. IEEE Conference on TI - AZALIA: an A to Z assessment of the likelihood of insider attack T2 - Technologies for Homeland Security, 2009. HST '09. IEEE Conference on IS - SN - VO - SP - 385 EP - 392 AU - Bishop, M. AU - Gates, C. AU - Frincke, D. AU - Greitzer, F.L. Y1 - 11-12 May 2009 PY - 2009 KW - organisational aspects KW - psychology KW - security KW - business value KW - enterprise-level solution KW - financial impact KW - insider attack likelihood KW - language affectation analysis KW - malicious insiders KW - operating losses KW - psychological indicators KW - resources prioritization VL - JA - Technologies for Homeland Security, 2009. HST '09. IEEE Conference on DOI - 10.1109/THS.2009.5168063 AB - The insider threat problem is increasing, both in terms of the number of incidents and their financial impact. To date, solutions have been developed to detect specific instances of insider attacks (e.g., fraud detection) and therefore use very limited information for input. In this paper we describe an architecture for an enterprise-level solution that incorporates data from multiple sources. The unique aspects of this solution include the prioritization of resources based on the business value of the protected assets, and the use of psychological indicators and language affectation analysis to predict insider attacks. The goal of this architecture is not to detect that insider abuse has occurred, but rather to determine how to prioritize monitoring activities, giving priority to scrutinizing those whose background includes access to key combinations of assets as well as those psychological/other factors that have in the past been associated with malicious insiders. ER -