The Insider Threat Prediction and Specification Language
Various information security surveys and case studies indicate the importance andMagklaras GB, Furnell SM
manifestation of the insider threat problem. One of the most important tools to address insider
threats is to enable the researchers to build case studies and express/replay threat scenarios.
The Insider Threat Prediction and Specification Language (ITPSL) is a Domain Specific
Language (DSL) created to provide a systemic way to describe insider threats and misuse
incidents. This paper presents the scope of creation as well as the design philosophy of the
language. An early language compiler prototype and its underlying insider threat monitoring
framework are presented followed by an evaluation of the language against real world insider
threat scenarios. The paper concludes with a brief discussion of the future trends in insider
threat monitoring and specification.