A. EL-LICY, FATMAHUSSEIN, OMARHEGAZY, OSMAN2020-02-132020-02-132010[1] CSI, 2007. Computer Crime and Security Survey, Computer Security Institute Web page at URL: “http://www.computer-corner.com/pdf/CSISurvey2007.pdf”. Last Accessed July 18 2010. [2] CSI and FBI, 2006. Computer Crime and Security Survey, Computer Security Institute and Federal Bureau of Investigation, Web page at URL: “http://www.computer-corner.com/pdf/CSISurvey2007.pdf”. Accessed July 18, 2010. [3] Howlett, T. 2005. Open Source Security Tools: Practical Applications for Security, Pearson Education. [4] Peltier, T., et al. 2005. Information Security Fundamentals, CRC Press. [5] Gordon, S., & Gordon, J. 2004. Information Systems: A Management Approach, 3 rd edition, Leyh Publishing. [6] Hussien, Omar, et. al. 2008. A Security Policy Based on Data Integrity Verification, Master Thesis, Cairo University, Institute of Statistical Studies and Research Department of Computer and Information Sciences. [7] Stallings, W. 2003. Cryptography and Network Security: Principles and Practice, 3rd edition, Pearson Education. [8] Park, Jaehong and Sandhu, Ravi. 2002. Towards Usage Control Models: Beyond Traditional Access Control. Web page at URL: “http://filebox.vt.edu/users/sshah/p57- park.pdf”. Accessed 13 October 2008 [9] Peltier, T. 2005. Information Security Risk Analysis, 2nd edition, CRC Press Taylor & Francis Group. [10] Conklin, W., et al. 2004. Principles of Computer Security, McGraw-Hill Technology Education. FATMA A. EL-LICY, OMAR HUSSEIN & OSMAN HEGAZY The Egyptian Computer Journal, Vol. 37, No. 1, 2010 89 [11] Kolman, B., et al. 1996. Discrete Mathematical Structures, 3rd edition, Prentice- Hall International. [12] Pfleeger, C. 1987. Security in Computing, Prentice-Hall International. [13] Pipkin, D. 2000. Information Security: Protecting the Global Enterprise, Prentice- Hall International. [14] CSI Computer Security Institute, 2009, “CSI Computer Crime and Security Survey 2009,” web page at URL: ”http://gocsi.com/node/577”. [15] “Safeguarding against insider threats: a problem analysis and solution overview to securing enterprise data”, 2006. Web page at URL: “http://wp.bitpipe.com /resource/org _1136846669_454/ON_Whitepaper_1_30_06_In-Network.pdf”.https://t.ly/P3qbxMSA Google ScholarThis paper presents a method to safeguard stored data integrity from attacks committed by insiders. This method forms an additional data security layer to detect and prevent unauthorized modification to critical configuration and data files. It integrates Biba strict integrity mandatory access control security policy with the verification by comparison data integrity assurance method. This proposed layer focuses on monitoring critical files in order to limits the scope of potential damage resulting from unattended sessions, and prevents usage of ill-gotten access rights. The paper discusses consequences of such integration.enOctober University for University of Security Policy, Multilevel Security, Data Integrity Verification, Access Control, ACL, DAC, MACInternal Security Policy and Data Integrity VerificationArticle