WRIT 2016 - Workshop on Research for Insider Threat

Workshop on Research for Insider Threat (WRIT) 2014
horse-WRIT WRIT 2014: May 18, 2014
Fairmont San Jose Hotel | San Jose, CA, USA
Registration | Hotel | Travel Grants | Overview | Topics
Submission | Program | Important Dates
IEEE Systems Journal Special Issue
Program Chairs | Program Committee | Sponsors
Registration
Registration has opened for the SPW14 workshops! Participants can register for both the Symposium on Security and Privacy (SP) and the Security and Privacy Workshops (SPW) at the same site. SPW registration is for a workshop "day pass," to allow attendance at any of the workshops on a specific day (Saturday or Sunday). Of course, you may purchase passes for both days. During registration, you will identify the workshop you are most likely to attend; this allows the organizers to make arrangements based on number of expected attendees for each workshop. Register online >
Hotel
The Security & Privacy Workshops will be held at the Fairmont Hotel in San Jose, which has now provided a registration code for attendees to use to get discounted rates. To take advantage of the discounted rate, make your hotel reservation by April 23, 2014. Information about the hotel will be available on the SPW website shortly. Book your rooms online >
Travel Grants
NSF and the IEEE Computer Society's Technical Committee on Security and Privacy, our sponsoring organization, are funding travel grants for students that will allow us to cover both domestic travel and international travel. Learn more about travel grants >
Overview
The threat of damage caused by authorized users, or insiders, is one of the most challenging security issues facing most organizations today. Insiders often attack using authorized access and with actions very similar to non-malicious behavior. Modern insiders are further enabled by immense data storage capabilities, advanced searching algorithms, and the difficulty of building, deploying, and managing comprehensive insider threat monitoring systems. Furthermore, insider attacks can also include those unintentionally enabled by users who fall victim to external attacks such as phishing or drive-by downloads.
Cybersecurity professionals face significant challenges in preventing, detecting, and responding to insider attacks, and often turn to insider threat researchers for answers. Unfortunately, insider threat researchers also face serious barriers to conducting scientifically and operationally valid work, such as access to real-world data and ground-truth about malicious insider activity. Therefore, it is imperative that cybersecurity researchers and professionals work together to find solutions that protect organizations from insider threats. Technical approaches to this problem are emerging, but studies show little significant progress has been made in reducing the actual numbers or impacts of insider attacks. There are two main reasons for the relative lack of success in identifying insider threats:
The problem is not well understood. In addition to the complex challenges surrounding collection, correlation, and detection of technical indicators, researchers must also understand underlying human motivations and behaviors. This is not a traditional area of study for IT security researchers; configuring technical solutions to monitor for human deception is challenging.
Data on insider attacks is difficult to obtain
Ground truth data:Organizations suffering insider attacks are often reluctant to share data about those attacks publicly. Studies show over 70% of attacks are not reported externally, including many of the most common, low-level attacks. This leads to uncertainty that available data accurately represents the true nature of the problem.
Baseline data: The rate of insider attacks is relatively unknown; furthermore, the behaviors of non-malicious users are also not available in large data sets.