As data represent a key asset for today's organizations, the problem of how to protect this
data from theft and misuse is at the forefront of these organizations' minds. Even though today
several data security techniques are available to protect data and computing infrastructures,
many such techniques -- such as firewalls and network security tools -- are unable to protect
data from attacks posed by those working inside an organization. These insiders usually
have authorized access to relevant information systems, making it extremely challenging to
block the misuse of information while still allowing them to do their jobs. This book discusses
several techniques that can provide effective protection against attacks posed by people
working on the inside of an organization. Chapter One introduces the notion of insider threat
and reports some data about data breaches due to insider threats. Chapter Two covers
authentication and access control techniques, and Chapter Three shows how these general
security techniques can be extended and used in the context of protection from insider threats.
Chapter Four addresses anomaly detection techniques that are used to determine anomalies in
data accesses by insiders. These anomalies are often indicative of potential insider data
attacks and therefore play an important role in protection from these attacks. Security
information and event management (SIEM) tools and fine-grained auditing are discussed in
Chapter Five. These tools aim at collecting, analyzing, and correlating -- in real time -- any
information and events that may be relevant for the security of an organization. As such, they
can be a key element in finding a solution to such undesirable insider threats. Chapter Six
goes on to provide a survey of techniques for separation-of-duty (SoD). SoD is an important
principle that, when implemented in systems and tools, can strengthen data protection from
malicious insiders. However, to date, very few approaches have been proposed for implementing
SoD in systems. In Chapter Seven, a short survey of a commercial product is presented, which
provides different techniques for protection from malicious users with system privileges --
such as a DBA in database management systems. Finally, in Chapter Eight, the book concludes
with a few remarks and additional research directions.

Table of Contents: Introduction / Authentication / Access Control / Anomaly Detection /
Security Information and Event Management and Auditing / Separation of Duty /
Case Study: Oracle Database Vault / Conclusion