Development of a Methodology for Customizing Insider Threat Auditing on a Microsoft Windows XP® Operating System

Author

Terry E. Levoy

Date of Award

6-2006

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Robert F. Mills, PhD

Abstract

Most organizations are aware that threats from trusted insiders pose a great risk to their organization and are very difficult to protect against. Auditing is recognized as an effective technique to detect malicious insider activities. However, current auditing methods are typically applied with a one-size-fits-all approach and may not be an appropriate mitigation strategy, especially towards insider threats. This research develops a 4-step methodology for designing a customized auditing template for a Microsoft Windows XP operating system. Two tailoring methods are presented which evaluate both by category and by configuration. Also developed are various metrics and weighting factors as a mechanism to evaluate auditing effectiveness for the purpose of optimizing the template according to organizational security requirements. Various industry standard auditing templates are evaluated against a custom designed template. Results indicate that a customized auditing template tailored for an insider threat scenario is more effective at detecting insider malicious activities.

AFIT Designator

AFIT-GIA-ENG-06-07

DTIC Accession Number

ADA453930

Recommended Citation

Levoy, Terry E., "Development of a Methodology for Customizing Insider Threat Auditing on a Microsoft Windows XP® Operating System" (2006). Theses and Dissertations. 3472.
https://scholar.afit.edu/etd/3472