
Understanding the insider threat


Academic year: 2023


Krisdian Eko Sutedja REFERENCES

Anderson, J.P., 1972. Information security in a multi-user computer environment. Adv. Comput. 12, 24.

Anderson, R.H., Brackney, R., 2004. Understanding the insider threat.

Andress, A., 2003. Surviving security: how to integrate people, process, and technology. CRC press.

Azaria, A., Richardson, A., Kraus, S., Subrahmanian, V., 2014. Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data. Comput. Soc. Syst. IEEE Trans. On 1, 135–155.

Balaouras, S., 2008. Building The Business Case For Disaster Recovery Spending. Forrester–03042008 18p.

Bin Ahmad, M., Akram, A., Asif, M., others, 2014. Towards a Realistic Risk Assessment Methodology for Insider Threats of Information Misuse, in: Frontiers of Information Technology (FIT), 2014 12th International Conference on. IEEE, pp. 176–181.

Bishop, M., Gates, C., 2008. Defining the insider threat, in: Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead. ACM, p. 15.

Bittner, K., 2002. Use case modeling. Addison-Wesley Longman Publishing Co., Inc.

Bowen, B.M., Salem, M.B., Hershkop, S., Keromytis, A.D., Stolfo, S., 2009. Designing host and network sensors to mitigate the insider threat. IEEE Secur. Priv. 7, 22–29.

Brancik, K., 2007. Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks. CRC Press.

Bureau, F.I.P., 2013. Unintentional Insider Threats: A Foundational Study.

Butts, J.W., Mills, R.F., Baldwin, R.O., 2005. Developing an insider threat model using functional decomposition, in: Computer Network Security. Springer, pp. 412–417.

Calder, A., Watkins, S., 2012. IT Governance: An International Guide to Data Security and ISO27001/ISO27002. Kogan Page Publishers.

Callahan, C.J., 2013. Security information and event management tools and insider threat detection. DTIC Document.

Cappelli, D.M., Moore, A.P., Trzeciak, R.F., 2012. The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Addison-Wesley.

Carbone, M., De Geus, P.L., 2004. A mechanism for automatic digital evidence collection on high-interaction honeypots, in: Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC. IEEE, pp. 1–8.

Center, C.I.T., 2011. Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage. Software Engineering Institute, Carnegie Mellon University.

Chagarlamudi, M., Panda, B., Hu, Y., 2009. Insider Threat in Database Systems: Preventing Malicious Users’ Activities in Databases, in: 2009 Sixth International Conference on Information Technology: New Generations. IEEE, pp. 1616–1620.

Chinchani, R., Iyer, A., Ngo, H.Q., Upadhyaya, S., 2005. Towards a theory of insider threat assessment, in: Dependable Systems and Networks, 2005. DSN 2005. Proceedings. International Conference on. IEEE, pp. 108–117.

Clark, J.W., Collins, M., Strozer, J., 2015. Malicious Insiders with Ties to the Internet Underground Community, in: Availability, Reliability and Security (ARES), 2015 10th International Conference on. IEEE, pp. 374–381.

Cohen, F., 2012. Forensic Methods for Detecting Insider Turning Behaviors, in: 2012 IEEE Symposium on Security and Privacy Workshops. IEEE, pp. 150–158.

Cole, E., Ring, S., 2005. Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft. Syngress.

Cornelissen, W., 2009. Investigating insider threats: problems and solutions.

Crampton, J., Huth, M., 2010. Towards an access-control framework for countering insider threats, in: Insider Threats in Cyber Security. Springer, pp. 173–195.

Cummings, A., Lewellen, T., McIntire, D., Moore, A.P., Trzeciak, R., 2012. Insider threat study: Illicit cyber activity involving fraud in the US financial services sector. DTIC Document.

Cuthbertson, A., 2015. Hundreds of porn sites have been hit by a massive malware attack [WWW Document]. Bus. Insid. Aust. URL http://www.businessinsider.com.au/hundreds-of-porn-sites-have-been-hit-by-a-massive-malware-attack-2015-12 (accessed 5.12.16).

Cybersecurity Ventures, n.d. Cybersecurity Market Report [WWW Document]. Cybersecurity Ventur. URL http://cybersecurityventures.com/cybersecurity-market-report/ (accessed 2.2.16).

Doss, G., Tejay, G., 2009. Developing insider attack detection model: a grounded approach, in: Intelligence and Security Informatics, 2009. ISI’09. IEEE International Conference on. IEEE, pp. 107–112.

Drewitt, T., 2013. A Manager’s Guide to ISO22301: A practical guide to developing and implementing a business continuity management system. IT Governance Ltd.

Furnell, S., 2003. Cybercrime: vandalizing the information society, in: Web Engineering. Springer, pp. 8–16.

Gerber, M., Von Solms, R., 2008. Information security requirements–interpreting the legal aspects. Comput. Secur. 27, 124–135.

Gibson, D., 2011. Microsoft Windows Security Essentials. John Wiley & Sons.

Goldring, T., 2003. User profiling for intrusion detection in windows nt. Comput. Sci. Stat. 35.

Gregory, P.H., 2011. IT disaster recovery planning for dummies. John Wiley & Sons.

Hoyer, S., Zakhariya, H., Sandner, T., Breitner, M.H., 2012. Fraud prediction and the human factor: An approach to include human behavior in an automated fraud audit, in: System Science (HICSS), 2012 45th Hawaii International Conference on. IEEE, pp. 2382–2391.

Hunker, J., Probst, C.W., 2011. Insiders and Insider Threats-An Overview of Definitions and Mitigation Techniques. JoWUA 2, 4–27.

Hunt, R., 1998. Internet/Intranet firewall security—policy, architecture and transaction services. Comput. Commun. 21, 1107–1123.

Indrajit, R., 2014. SOCIAL ENGINEERING FRAMEWORK: Understanding the Deception Strategy to Control Human Element of Information Security System (Master Thesis). Swiss German University, Tangerang.

ISO, 2013. ISO/IEC 27002:2013, Information technology -- Security techniques -- Code of practice for information security controls. International Organization for Standardization.

ISO, I., n.d. 7498-2: 1989. Inf. Process. Syst.-Open Syst. Interconnect. 7498–2.

Johnstone, M.N., 2011. Modelling misuse cases as a means of capturing security requirements.

Kamra, A., Bertino, E., Lebanon, G., 2008a. Mechanisms for database intrusion detection and response, in: Proceedings of the 2nd SIGMOD PhD Workshop on Innovative Database Research. ACM, pp. 31–36.

Kamra, A., Terzi, E., Bertino, E., 2008b. Detecting anomalous access patterns in relational databases. VLDB J. 17, 1063–1077.

Karakasiliotis, A., Furnell, S., Papadaki, M., 2006. Assessing end-user awareness of social engineering and phishing.

Lane, T., Brodley, C.E., 1997. Detecting the abnormal: Machine learning in computer security. ECE Tech. Rep. 74.

Latham, D.C., 1986. Department of defense trusted computer system evaluation criteria. Dep. Def.

LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H., Muehrcke, C., 2011. Model-based security metrics using adversary view security evaluation (advise), in: Quantitative Evaluation of Systems (QEST), 2011 Eighth International Conference on. IEEE, pp. 191–200.

Lili, G., Jianqiu, W., n.d. Risk Management of Human Behavior in IT Enterprises: A Survey of Current Approaches.

Liu, A., Martin, C., Hetherington, T., Matzner, S., 2005. A comparison of system call feature representations for insider threat detection, in: Information Assurance Workshop, 2005. IAW’05. Proceedings from the Sixth Annual IEEE SMC. IEEE, pp. 340–347.

Magklaras, G., Furnell, S., 2001. Insider threat prediction tool: Evaluating the probability of IT misuse. Comput. Secur. 21, 62–73.

Maloof, M.A., Stephens, G.D., 2007. elicit: A system for detecting insiders who violate need-to-know, in: Recent Advances in Intrusion Detection. Springer, pp. 146–166.

MAS, 2013. Monetary Authority of Singapore - Internal Controls. Monetary Authority of Singapore, Singapore.

Mashechkin, I., Petrovskiy, M., Troshin, S., Shestimerov, A.A., n.d. Data Gathering and User Behavior Analysis System. Fac. Comput. Math. Cybern. Mosc. State Univ.

Mathew, S., Petropoulos, M., Ngo, H.Q., Upadhyaya, S., 2010. A data-centric approach to insider attack detection in database systems, in: Recent Advances in Intrusion Detection. Springer, pp. 382–401.

McCormick, M., 2008. Data theft: a prototypical insider threat, in: Insider Attack and Cyber Security. Springer, pp. 53–68.

Merkow, M., Breithaupt, J., 2014. Information Security: Principles and Practices, 2nd Edition, 2nd ed. Pearson IT Certification.

Miller, R., Maxim, M., 2015. I Have to Trust Someone. …Don’t I? Dealing with insider threats to cyber-security. CA Technologies, Security Management.

Montelibano, J., Moore, A., 2012. Insider threat security reference architecture, in: System Science (HICSS), 2012 45th Hawaii International Conference on. IEEE, pp. 2412–2421.

Myers, J., Grimaila, M.R., Mills, R.F., 2009. Towards insider threat detection using web server logs, in: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies. ACM, p. 54.

Neumann, P.G., 2010. Combatting insider threats, in: Insider Threats in Cyber Security. Springer, pp. 17–44.

Nguyen, N.T., Reiher, P.L., Kuenning, G.H., 2003. Detecting Insider Threats by Monitoring System Call Activity., in: IAW. Citeseer, pp. 45–52.

NIST, S., 2010. 800-53 Rev. 3. Recomm. Secur. Controls Fed. Inf. Syst. Organ.

Nostro, N., Ceccarelli, A., Bondavalli, A., Brancati, F., 2014. Insider threat assessment: A model-based methodology. ACM SIGOPS Oper. Syst. Rev. 48, 3–12.

OJK, 2013. Peraturan Otoritas Jasa Keuangan Nomor 1/POJK.07/2013.

Oladimeji, E., Supakkul, S., Chung, L., 2006. Security threat modeling and analysis: A goal-oriented approach, in: Proc. of the 10th IASTED International Conference on Software Engineering and Applications (SEA 2006). Citeseer, pp. 13–15.

Olusegun, O.J., Ithnin, N.B., 2013. People are the answer to security: Establishing a Sustainable Information Security Awareness Training (ISAT) program in organization. ArXiv Prepr. ArXiv13090188.

Parsons, K., McCormac, A., Butavicius, M., Ferguson, L., 2010. Human factors and information security: individual, culture and security environment.

Peltier, T.R., 2005. Information security risk analysis. CRC press.

Pfleeger, C.P., Pfleeger, S.L., 2002. Security in computing. Prentice Hall Professional Technical Reference.

Pham, D.V., Syed, A., Mohammad, A., Halgamuge, M.N., 2010. Threat analysis of portable hack tools from USB storage devices and protection solutions, in: Information and Emerging Technologies (ICIET), 2010 International Conference on. IEEE, pp. 1–5.

Phyo, A., Furnell, S., 2004. A detection-oriented classification of insider it misuse, in: Third Security Conference. Citeseer.

Probst, C.W., Hunker, J., Gollmann, D., Bishop, M., 2008. Countering insider threats.

PwC, 2015. 2015 Information Security Breaches Survey (Survey). PwC, UK.

Rohret, D., Kraft, M., 2011. Catch me if you can: Cyber Anonymity, in: ICIW2011- Proceedings of the 6th International Conference on Information Warfare and Security: ICIW. Academic Conferences Limited, p. 213.

Røstad, L., 2006. An extended misuse case notation: Including vulnerabilities and the insider threat, in: XII Working Conference on Requirements Engineering: Foundation for Software Quality, Luxembourg.

Rozenberg, B., Gudes, E., Elovici, Xy., Fledel, Y., 2011. A method for detecting unknown malicious executables, in: Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on. IEEE, pp. 190–196.

Russell, C., 2002. Security Awareness - Implementing an Effective Strategy. GSEC Pract. Version 14b – Option 1.

Salem, M.B., Hershkop, S., Stolfo, S.J., 2008. A survey of insider attack detection research, in: Insider Attack and Cyber Security. Springer, pp. 69–90.

Salem, M.B., Stolfo, S.J., 2011. Modeling user search behavior for masquerade detection, in: Recent Advances in Intrusion Detection. Springer, pp. 181–200.

Scambray, J., Shema, M., Sima, C., 2006. Hacking exposed: Web applications. McGraw-Hill San Francisco.

Schlarman, S., 2001. The People, Policy, Technology (PPT) Model: Core Elements of the Security Process. Inf. Syst. Secur. 10, 1–6.

Schneier, B., 2013. People, Process, and Technology. Schneier Secur.

Schonlau, M., DuMouchel, W., Ju, W.-H., Karr, A.F., Theus, M., Vardi, Y., 2001. Computer intrusion: Detecting masquerades. Stat. Sci. 58–74.

Schultz, E.E., 2002. A framework for understanding and predicting insider attacks. Comput. Secur. 21, 526–531.

Shavlik, J., Shavlik, M., 2004. Selection, combination, and evaluation of effective software sensors for detecting abnormal computer usage, in: Proceedings of the Tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, pp. 276–285.

Shaw, E.D., Fischer, L.F., 2005. Ten tales of betrayal: The threat to corporate infrastructure by information technology insiders analysis and observations. DTIC Document.

Shostack, A., 2014. Threat modeling: Designing for security. John Wiley & Sons.

Silowash, G.J., Cappelli, D.M., Moore, A.P., Trzeciak, R.F., Shimeall, T., Flynn, L., 2012. Common sense guide to mitigating insider threats.

Sindre, G., Opdahl, A.L., 2005. Eliciting security requirements with misuse cases. Requir. Eng. 10, 34–44.

Stalla-Bourdillon, S., Papadaki, E., Chown, T., 2014. From porn to cybersecurity passing by copyright: how mass surveillance technologies are gaining legitimacy… The case of deep packet inspection technologies. Comput. Law Secur. Rev. 30, 670–686.

Stolfo, S.J., Bellovin, S.M., Hershkop, S., Keromytis, A.D., Sinclair, S., Smith, S., 2008. Insider attack and cyber security: beyond the hacker. Springer Science & Business Media.

Stoneburner, G., Goguen, A.Y., Feringa, A., 2002. Sp 800-30. risk management guide for information technology systems.

Swanson, M., Bowen, P., Amy, W., Gallup, D., Lynes, D., 2010. NIST Special Publication 800-34, Rev. 1, Contingency Planning Guide for Federal Information Systems. Swanson P Bowen AW Phillips Gallup Lynes–2010–149 P.

Szor, P., 2005. The art of computer virus research and defense. Addison Wesley, Upper Saddle River, NJ.

Taylor, R.W., Fritsch, E.J., Liederbach, J., 2014. Digital crime and digital terrorism. Prentice Hall Press.

Theoharidou, M., Kokolakis, S., Karyda, M., Kiountouzis, E., 2005. The insider threat to information systems and the effectiveness of ISO17799. Comput. Secur. 24, 472–484.

Thomas, R.C., others, 2001. A practical guide to Federal Enterprise Architecture. Chief Inf. Off. Counc.

Tzu, S., 2011. The art of war. Shambhala Publications.

UcedaVelez, T., Morana, M.M., 2015. Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. John Wiley & Sons.

Udoeyop, A.W., 2010. Cyber profiling for insider threat detection.

Verizon, R., 2015. 2015 Data Breach Investigations Report.

von Roessing, R., 2010. The ISACA Business Model for Information Security: An Integrative and Innovative Approach, in: ISSE 2009 Securing Electronic Business Processes. Springer, pp. 37–47.

Whitman, M., Mattord, H., 2011. Principles of information security. Cengage Learning.

Whitman, M.E., 2003. Enemy at the gate: threats to information security. Commun. ACM 46, 91–95.

Wilson, C., 2013. Credible Checklists and Quality Questionnaires: A User-centered Design Method. Newnes.

Wuchner, T., Pretschner, A., 2012. Data loss prevention based on data-driven usage control, in: Software Reliability Engineering (ISSRE), 2012 IEEE 23rd International Symposium on. IEEE, pp. 151–160.

Xing, X., Meng, W., Lee, B., Weinsberg, U., Sheth, A., Perdisci, R., Lee, W., 2015. Understanding Malvertising Through Ad-Injecting Browser Extensions, in: Proceedings of the 24th International Conference on World Wide Web. International World Wide Web Conferences Steering Committee, pp. 1286–1295.

Yang, Y.C., 2010. Web user behavioral profiling for user identification. Decis. Support Syst. 49, 261–271.

Young, W.T., Memory, A., Goldberg, H.G., Ted, E., 2014. Detecting unknown insider threat scenarios, in: Security and Privacy Workshops (SPW), 2014 IEEE. IEEE, pp. 277–288.
