Difference between revisions of "May 2012"

From mn/ifi/AFSecurity

Revision as of 15:10, 19 May 2012

AFSecurity Seminar: The Insider Threat

Date: Wednesday 16 May 2012.

Location: Meeting room Awk (3118), Ole-Johan Dahls hus (IfI).

Agenda

14:00h Welcome at IfI

14:15h Invited talk

TITLE: Insider Threat Specification and Prediction

ABSTRACT: The talk will introduce the concept of Insider Threat Specification as a threat mitigation technique. After a short introduction of the multi-factorial problem of Insider IT misuse, the focus will be placed on what can be detected and predicted at system level. Insider Threat Specification will be introduced in terms of three essential and coordinated steps: System logging for insider misuse, examining how and what data to collect with a prototype log engine (LUARM). The talk will shift to presenting threat metrics for predicting insider actions. Finally, a way to express misuse detection and threats by means of a suitably crafted Domain Specific Language (ITPSL) will be explained. The talk will conclude with a presentation of the tools and future challenges of the insider IT misuse domain.

Presentation slides: Media:AFSec20120516-Magklaras-Plymouth.pdf

SPEAKER: George Magklaras, CSCAN, School of Computing and Mathematics, University of Plymouth, UK.

BIO: Dr. George Magklaras is an affiliate researcher in the domain of Intrusion Detection Systems, Insider IT misuse and forensics, with the Centre for Security, Communications and Networks Research at the University of Plymouth, UK (http://www.cscan.org). He currently serves as Head of IT at the Biotechnology Centre of Oslo (Univ. of Oslo) and Chair of the Technical Management Committee of the Life Science Computing group EMBnet (http://www.embnet.org). Prior to his current posts, he served as system administrator and data security consultant at a variety of companies, including BT, IBM and Red Hat. He obtained his Doctoral, Masters and Bachelor degrees from the School of Computing and Mathematics, University of Plymouth, UK. He holds an RHCE certification and is an IEEE and USENIX association member.


15:00h Discussion

15:30h End