Toward an Architectural Framework to Improve Accountability in the Use of Electronic Records
Gordon E. Lyon, Alan Mink, R E. Van dyck
Sensitive electronic record systems (ERSs) raise questions about their proper use. Insider-threat involves hidden, unknown and unanticipated activities that constitute unacceptable use of an ERS, even while operating within individual access privileges. Insider-threat detection and control is an ERS monitoring and management challenge of the first order. A flexible preliminary framework can encourage discussion and comparison among various monitoring elements for the insider-threat. Responding to a lack of such a framework, one is sketched here: It employs two perspectives of an ERS user -- structural and intentional. The structural view is short term, whereas the intentional view seeks to discover general content topics of interest to a user, and to follow these over time. Discussion includes details of a possible architecture that uses untrained classification methods to amplify the concern set beyond that specifically defined at the onset of monitoring. The general framework may expedite development of common guidelines and methodologies to monitor insider threats. Although developed for medical services (e.g., an E-Health RS), the framework likely has applicability in other similar database areas such as security and intelligence archiving.
, Mink, A.
and Van dyck, R.
Toward an Architectural Framework to Improve Accountability in the Use of Electronic Records, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.7157, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150309
(Accessed December 10, 2023)