During the past decades, information security developments have been mainly concerned with preventing illegal attacks by outsiders, such as hacking, virus propagation, and spyware. However, according to a recent Gartner Research Report, information leakage caused by insiders who are legally authorized to have access to some corporate information is increasing dramatically. These leakages can cause significant damages such as weakening the competitiveness of companies (and even countries). Information leakage caused by insiders occurs less frequently than information leakage caused by outsiders, but the financial damage is much greater. Countermeasures in terms of physical, managerial, and technical aspects are necessary to construct an integral security management system to protect companies' major information assets from unauthorized internal attackers. The objective of this workshop is to showcase the most recent challenges and advances in security technologies and management systems to prevent leakage of organizations' information caused by insiders. It may also include state-of-the-art surveys and case analyses of practical significance. We expect that the workshop will be a trigger for further research and technology improvements related to this important subject.

Topics of Interest

The workshop seeks original contributions in all relevant areas, including but not limited to the following topics:

  • Theoretical foundations and algorithms for addressing insider threats
  • Insider threat assessment and modeling
  • Security technologies to prevent, detect and avoid insider threats
  • Validating the trustworthiness of staff
  • Post-insider threat incident analysis
  • Data breach modeling and mitigation techniques
  • Registration, authentication and identification
  • Certification and authorization
  • Database security
  • Device control system
  • Digital forensic system
  • Digital right management system
  • Fraud detection
  • Network access control system
  • Intrusion detection
  • Keyboard information security
  • Information security governance
  • Information security management systems
  • Risk assessment and management
  • Log collection and analysis
  • Trust management
  • IT compliance (audit)
  • Continuous auditing