Dennis Holstein of Opus Consulting presented a Consequence Based Assessment Schema at S4 2012. The goal of the schema is to detect an insider attacks, and Dennis goes through the work he has been doing with the National Labs. It is a bit wonkish, like most statistical papers, but the goal of automated monitoring to detect insider attacks is worth the effort.
The presentation also highlights a lot of the peer work in this area.
Dennis also gives some thoughts on whether the ISA99 Security Assurance Levels (SALs) are achievable. He has been very active in this effort so the comments are worth hearing.