M-Score: A Misuseability Weight Measure. Harel, A., Shabtai, A., Rokach, L., & Elovici, Y. IEEE Trans. Dependable Sec. Comput., 9(3):414-428, 2012.
Link
Paper doi abstract bibtex Detecting and preventing data leakage and data misuse poses a serious challenge for organizations, especially when dealing with insiders with legitimate permissions to access the organization's systems and its critical data. In this paper, we present a new concept, Misuseability Weight, for estimating the risk emanating from data exposed to insiders. This concept focuses on assigning a score that represents the sensitivity level of the data exposed to the user and by that predicts the ability of the user to maliciously exploit this data. Then, we propose a new measure, the M-score, which assigns a misuseability weight to tabular data, discuss some of its properties, and demonstrate its usefulness in several leakage scenarios. One of the main challenges in applying the M-score measure is in acquiring the required knowledge from a domain expert. Therefore, we present and evaluate two approaches toward eliciting misuseability conceptions from the domain expert.
@article{DBLP:journals/tdsc/HarelSRE12,
journal = {IEEE Trans. Dependable Sec. Comput.},
author = {Amir Harel and
Asaf Shabtai and
Lior Rokach and
Yuval Elovici},
title = {M-Score: A Misuseability Weight Measure},
ee = {http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.17},
url = {http://www.ise.bgu.ac.il/faculty/liorr/MSCORE.pdf},
bibsource = {DBLP, http://dblp.uni-trier.de},
pages = {414-428},
volume = {9},
number = {3},
year = {2012},
abstract={Detecting and preventing data leakage and data misuse poses a serious challenge for organizations, especially when dealing with insiders with legitimate permissions to access the organization's systems and its critical data. In this paper, we present a new concept, Misuseability Weight, for estimating the risk emanating from data exposed to insiders. This concept focuses on assigning a score that represents the sensitivity level of the data exposed to the user and by that predicts the ability of the user to maliciously exploit this data. Then, we propose a new measure, the M-score, which assigns a misuseability weight to tabular data, discuss some of its properties, and demonstrate its usefulness in several leakage scenarios. One of the main challenges in applying the M-score measure is in acquiring the required knowledge from a domain expert. Therefore, we present and evaluate two approaches toward eliciting misuseability conceptions from the domain expert.},
doi={10.1109/TDSC.2012.17},
keywords = {Information security, Cyber security, Data misuse, Data leakage}
}
Downloads: 0
{"_id":"PgbK7PBhoZcvaMqrx","bibbaseid":"harel-shabtai-rokach-elovici-mscoreamisuseabilityweightmeasure-2012","author_short":["Harel, A.","Shabtai, A.","Rokach, L.","Elovici, Y."],"bibdata":{"bibtype":"article","type":"article","journal":"IEEE Trans. Dependable Sec. Comput.","author":[{"firstnames":["Amir"],"propositions":[],"lastnames":["Harel"],"suffixes":[]},{"firstnames":["Asaf"],"propositions":[],"lastnames":["Shabtai"],"suffixes":[]},{"firstnames":["Lior"],"propositions":[],"lastnames":["Rokach"],"suffixes":[]},{"firstnames":["Yuval"],"propositions":[],"lastnames":["Elovici"],"suffixes":[]}],"title":"M-Score: A Misuseability Weight Measure","ee":"http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.17","url":"http://www.ise.bgu.ac.il/faculty/liorr/MSCORE.pdf","bibsource":"DBLP, http://dblp.uni-trier.de","pages":"414-428","volume":"9","number":"3","year":"2012","abstract":"Detecting and preventing data leakage and data misuse poses a serious challenge for organizations, especially when dealing with insiders with legitimate permissions to access the organization's systems and its critical data. In this paper, we present a new concept, Misuseability Weight, for estimating the risk emanating from data exposed to insiders. This concept focuses on assigning a score that represents the sensitivity level of the data exposed to the user and by that predicts the ability of the user to maliciously exploit this data. Then, we propose a new measure, the M-score, which assigns a misuseability weight to tabular data, discuss some of its properties, and demonstrate its usefulness in several leakage scenarios. One of the main challenges in applying the M-score measure is in acquiring the required knowledge from a domain expert. Therefore, we present and evaluate two approaches toward eliciting misuseability conceptions from the domain expert.","doi":"10.1109/TDSC.2012.17","keywords":"Information security, Cyber security, Data misuse, Data leakage","bibtex":"@article{DBLP:journals/tdsc/HarelSRE12,\r\n journal = {IEEE Trans. Dependable Sec. Comput.},\r\n author = {Amir Harel and\r\n Asaf Shabtai and\r\n Lior Rokach and\r\n Yuval Elovici},\r\n title = {M-Score: A Misuseability Weight Measure},\r\n ee = {http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.17},\r\n url\t\t= {http://www.ise.bgu.ac.il/faculty/liorr/MSCORE.pdf},\r\n bibsource = {DBLP, http://dblp.uni-trier.de},\r\n pages = {414-428},\r\n volume = {9},\r\n number = {3},\r\n year = {2012},\r\n abstract={Detecting and preventing data leakage and data misuse poses a serious challenge for organizations, especially when dealing with insiders with legitimate permissions to access the organization's systems and its critical data. In this paper, we present a new concept, Misuseability Weight, for estimating the risk emanating from data exposed to insiders. This concept focuses on assigning a score that represents the sensitivity level of the data exposed to the user and by that predicts the ability of the user to maliciously exploit this data. Then, we propose a new measure, the M-score, which assigns a misuseability weight to tabular data, discuss some of its properties, and demonstrate its usefulness in several leakage scenarios. One of the main challenges in applying the M-score measure is in acquiring the required knowledge from a domain expert. Therefore, we present and evaluate two approaches toward eliciting misuseability conceptions from the domain expert.}, \r\n doi={10.1109/TDSC.2012.17}, \r\n keywords = {Information security, Cyber security, Data misuse, Data leakage}\r\n}\r\n\r\n","author_short":["Harel, A.","Shabtai, A.","Rokach, L.","Elovici, Y."],"key":"DBLP:journals/tdsc/HarelSRE12","id":"DBLP:journals/tdsc/HarelSRE12","bibbaseid":"harel-shabtai-rokach-elovici-mscoreamisuseabilityweightmeasure-2012","role":"author","urls":{"Link":"http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.17","Paper":"http://www.ise.bgu.ac.il/faculty/liorr/MSCORE.pdf"},"keyword":["Information security","Cyber security","Data misuse","Data leakage"],"metadata":{"authorlinks":{}},"html":""},"bibtype":"article","biburl":"www.ise.bgu.ac.il/faculty/liorr/liorrokach122012.txt","dataSources":["HLsp6sSsQQZwywcSL","NhJvHJs9CpZ5T5D7K"],"keywords":["information security","cyber security","data misuse","data leakage"],"search_terms":["score","misuseability","weight","measure","harel","shabtai","rokach","elovici"],"title":"M-Score: A Misuseability Weight Measure","year":2012}