M-Score: Estimating the potential damage of data leakage incident by assigning misuseability weight

Amir Harel, Asaf Shabtai

Ben-Gurion University of the Negev, 2011

Detecting and preventing data leakage and data misuse poses a serious challenge for organizations, especially when dealing with insiders with legitimate permissions to access the organization’s systems and its critical data. Much research has been conducted in order to find a solution to these threats. None of these solutions, however, had considered the sensitivity level of the data and the extent of damage to the organization if that data falls into the wrong hands. In this work, we present a new concept, Misuseability Weight, for estimating the risk emanating from data exposed to insiders. This concept focuses on assigning a score that represents the sensitivity level of the data exposed to the user and by that predicts the expected damage ifthe user maliciously exploit this data (for example, leak the data that she accessed to a competitors). As a concept, the misuseability weight is both domain and data-format independent. Therefore, we define four dimensions of misuseability, which every measure implementing the misuseability concept must consider. Then, we propose a new measure, the M-score, which assigns a misuseability weight to tabular data, such as relational database result-sets, which is today a very common format, used by organizations to handle data. The proposed measure use data acquired from domain expert, in order to calculate the misuseability weight of each table of data. Then, we discuss some of the M-score properties, and demonstrate its usefulness in several leakage scenarios. Finally, we present several applications of the M-score-applying