RTISFS will support identifying and defending against malicious insiders functionalities through: a wider range of access limitations; immutable, non-alerting forensic audit trail; dynamic environment supporting interactions with users without revealing the depth of forensic and enforcement capabilities; scripted interrogatories to assist separating anomalies attributed to malicious insiders from those of honest intent; ability to increase levels of surveillance or limitation of access as increasing suspicion dictates to minimize damage; and extendable scripting language for handling various types of anomalies tailored for the subject domain. RTISFS will accomplish this according to all applicable legal procedures in such a way that all potential response options are maintained: legal action, turning, use of insider as unwitting communication channel, and collection and penetration of the adversary actor.
Keywords: Computer Security, Insider, Counter-Intelligence, Fraud, Forensics, Law Enforcement, Surveillance, Cyber Espionage
