Insider Threat and Information Security Management

Coles-Kemp, Lizzie; Theoharidou, Marianthi

doi:10.1007/978-1-4419-7133-3_3

Cited by 28 publications

(24 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This was expanded to also include computer deviance in the workplace (Mastrangelo, Everton and Jolton, 2006;Robinson and Bennett, 1995;Weatherbee, 2010), information security (Coles- Kemp and Theoharidou, 2010;Colwill, 2010), and criminal profiling (Gudaitis, 1998;Nykodym, Taylor and Vilela, 2006). Mastrangelo, Everton and Jolton (2006) report that 5-10% of employees engage in "antagonistic forms of deviant computer use" (p. 739) -socially undesirable behaviors such as gambling at work, downloading pornography, asking coworkers for dates, and violating confidentiality-and that the most common forms of deviant computer use involved personal email and chat sessions.…”

Section: Relevant Researchmentioning

confidence: 99%

Identifying at-risk employees: A behavioral model for predicting potential insider threats

Greitzer¹,

Kangas²,

Noonan³

et al. 2010

View full text Add to dashboard Cite

SummaryA model was developed to assess employees' behavioral manifestations of a number of psychological and personality predispositions that are hypothesized to indicate an increased risk of insider abuse. This psychosocial model is based on case studies and research literature on factors and correlates associated with behavioral precursors of individuals committing insider crimes. In many of these crimes, managers and other coworkers observed that the offenders had exhibited signs of stress, disgruntlement, or other issues, but no alarms were raised. Barriers to using such psychosocial indicators include the inability to recognize the signs and the failure to record the behaviors so that they can be assessed.The model has been implemented as a Bayesian belief network, designed with the help of human resources staff experienced in evaluating workplace behaviors. We conducted an experiment to assess the agreement of the model's risk assessment output with judgments of human resources and management professionals on the relative insider threat risks of a collection of sample scenarios. The model exhibited strong agreement with judgments of the human experts, suggesting that it has potential as a tool to raise an alarm about employees who pose higher insider threat risks. While additional testing is needed, we suggest that combining this type of analysis with more traditional cyber/workstation monitoring tools can ease the processing burden and improve performance of computer-assisted insider threat monitoring and detection.v

show abstract

Section: Relevant Researchmentioning

confidence: 99%

Identifying at-risk employees: A behavioral model for predicting potential insider threats

Greitzer¹,

Kangas²,

Noonan³

et al. 2010

View full text Add to dashboard Cite

show abstract

“…• 'Increase the effort' includes 'target hardening', 'control of access to facilities', 'screen exits', 'deflecting offenders' and 'controlling tools' • 'Increase the risks' includes 'extending guardianship', 'assisting natural surveillance', 'reducing anonymity', 'utilizing place managers' and 'strengthening formal surveillance' • 'Reduce the rewards' includes 'concealing targets', 'removing targets', 'identifying property', 'disrupting markets' and 'denying benefits' • 'Reduce provocations' includes 'reducing frustrations and stress', 'avoiding disputes', 'reducing emotional arousal', 'neutralizing peer pressure' and 'discouraging imitation' • 'Remove excuses' includes 'setting rules', 'posting instructions', 'alerting conscience', 'assisting compliance' and 'controlling drugs and alcohol' [70] These techniques were given 'digital analogies' by Beebe and Roa [71], Willison [15] and Coles-Kemp and Theoharidou [14]. We will consider only 'Remove excuses', as being the most appropriate to the study reported on.…”

Section: Situational Crime Preventionmentioning

confidence: 99%

“…In terms of 'posting instructions', e-mail disclaimers [71] are recommended as a comparable information security control, apart from the typical controls such as information security policy. Single sign-on [15] and 'a single point of reference for security' [14] have been proposed as information security controls to realize the 'assisting compliance' technique. In terms of 'alerting conscience', the information security controls that are recommended include copyright protection [14], a code of ethics [14] and 'multi-level warning banners' [71].…”

Section: Situational Crime Preventionmentioning

confidence: 99%

“…Single sign-on [15] and 'a single point of reference for security' [14] have been proposed as information security controls to realize the 'assisting compliance' technique. In terms of 'alerting conscience', the information security controls that are recommended include copyright protection [14], a code of ethics [14] and 'multi-level warning banners' [71]. The 'controlling drugs and alcohol' technique is incongruent with the domain of information security, and was not considered in this research.…”

Section: Situational Crime Preventionmentioning

confidence: 99%

“…The model described here leverages these techniques. In the past, situational crime prevention theory has been applied in order to solve the problem of the insider threat [14]. If offenders can be prevented from rationalizing and excusing their criminal actions, they will be open to feelings of guilt and shame [15], and will consequently refrain from committing the crime.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Insider Threat Neutralization Mitigation Model Predicated On Cognitive Dissonance (ITNMCD)

Padayachee¹

2015

SACJ

View full text Add to dashboard Cite

The insider threat concern is a complex issue, as the problem domain intersects the social, technical and socio-technical dimensions. Consequently, counteracting the insider threat involves influencing the insider’s perceptions and behaviour in order to ensure compliance. When an individual’s actions and beliefs are incongruent, this induces a phenomenon known as cognitive dissonance. In order to reduce this dissonance, individuals are self-motivated either to change their behaviours or beliefs, or to rationalize their behaviour. Neutralization is a technique used by criminals to rationalize maleficence. In terms of the insider threat, it has been proposed that if the justifications for committing an offence are eliminated, then the insider is less likely to commit the offence. This process is known as neutralization mitigation. The research reported on here proposes that inducing cognitive dissonance may be a means of mitigating the neutralizations that the insider may use to justify maleficence. To integrate these concepts into a pragmatic implementable solution the Insider Threat Neutralization Mitigation model predicated on Cognitive Dissonance (ITNMCD) is proposed. A proof-of-concept was developed and the model concept was evaluated using the design science method.

show abstract

Understanding Insider Threat Attacks Using Natural Language Processing: Automatically Mapping Organic Narrative Reports to Existing Insider Threat Frameworks

Paxton-Fear

Hodges

Buckley

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Traditionally cyber security has focused on defending against external threats, over the last decade we have seen an increasing awareness of the threat posed by internal actors. Current approaches to reducing this risk have been based upon technical controls, psychologically understanding the insider's decision-making processes or sociological approaches ensuring constructive workplace behaviour. However, it is clear that these controls are not enough to mitigate this threat with a 2019 report suggesting that 34% of breaches involved internal actors. There are a number of Insider threat frameworks that bridge the gap between these views, creating a holistic view of insider threat. These models can be difficult to contextualise within an organisation and hence developing actionable insight is challenging. An important task in understanding an insider attack is to gather a 360-degree understanding of the incident across multiple business areas: e.g. co-workers, HR, IT, etc. can be key to understanding the attack. We propose a new approach to gathering organic narratives of an insider threat incident that then uses a computational approach to map these narratives to an existing insider threat framework. Leveraging Natural Language Processing (NLP) we exploit a large collection of insider threat reporting to create an understanding of insider threat. This understanding is then applied to a set of reports of a single attack to generate a computational representation of the attack. This representation is then successfully mapped to an existing, manual insider threat framework.

show abstract

Insider Threat and Information Security Management

Cited by 28 publications

References 14 publications

Identifying at-risk employees: A behavioral model for predicting potential insider threats

Identifying at-risk employees: A behavioral model for predicting potential insider threats

An Insider Threat Neutralization Mitigation Model Predicated On Cognitive Dissonance (ITNMCD)

Understanding Insider Threat Attacks Using Natural Language Processing: Automatically Mapping Organic Narrative Reports to Existing Insider Threat Frameworks

Contact Info

Product

Resources

About