This research uses two recently introduced observer rating scales, (Shaw et al., 2013) for the identification and measurement of negative sentiment (the Scale for Negativity in Text or SNIT) and insider risk (Scale of Indicators of Risk in Digital Communication or SIRDC) in communications to test the performance of psycholinguistic software designed to detect indicators of these risk factors. The psycholinguistic software program, WarmTouch (WT), previously used for investigations, appeared to be an effective means for locating communications scored High or Medium in negative sentiment by the SNIT or High in insider risk by the SIRDC within a randomly selected sample from the Enron archive. WT proved less effective in locating emails Low in negative sentiment on the SNIT and Low in insider risk on the SIRDC. However, WT performed extremely well in identifying communications from actual insiders randomly selected from case files and inserted in this email sample. In addition, it appeared that WT's measure of perceived Victimization was a significant supplement to using negative sentiment alone, when it came to searching for actual insiders. Previous findings ( Shaw et al., 2013) indicate that this relative weakness in identifying low levels of negative sentiment may not impair WT's usefulness for identifying communications containing Forensics, Security and Law, Vol. 8(2) 74 significant indications of insider risk because of the very low base rate and low severity of insider risk at Low levels of negative sentiment (Shaw et al., 2013). Although many of the "false positives" acquired in the successful search for actual insiders in this experiment were shown to be true positives for other forms of insider risk, WT still produced fairly high rates of false positives that could burden analysts, as described by the search times provided. As further research and development proceeds to address this problem, we again recommend the use of WT in an integrated multi-disciplinary array of detection methods that will serve as an initial screen to narrow the search for individuals at-risk for insider activities. The implications for insider threat research, detection and prevention are discussed.
Journal of Digital
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.