Who Can We Trust?: The Economic Impact of Insider Threats

Hua, Jian; Bapna, Sanjay

doi:10.1080/1097198x.2013.10845648

Cited by 9 publications

(9 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Damaging effects on the reputation and consumers trust are a result of poor network assessment and management which affect the appropriate utilization of IDS [80]. And this is the biggest threats to organizations when security incidents emerge from internal sources [44]. The cause for not finding a reasonable solution for insider threats is because human behavior cannot be accounted for and the motive for performing such attacks varies [31].…”

Section: Insider and Outsider Threatsmentioning

confidence: 99%

“…The impact of internal misuse of information within the organization has increased the vulnerability and risks associated with such abuse [44]. A useful strategy is to implement different security concepts to deter any possible internal threats such as employing disciplinary actions to control human behavior and attitude, the use of more monitoring surveillance, perimeter defense, and notably incorporating decoys as a mean of deception to attackers [8].…”

Section: Researchmentioning

confidence: 99%

See 1 more Smart Citation

Discovering New Cyber Protection Approaches from a Security Professional Prospective

Loukaka¹,

Rahman²

2017

IJCNC

View full text Add to dashboard Cite

Cybersecurity has become a very hot topic due to high profile breaches that occurred in the past years. Despite the implementation of current known pre-emptive methods such as intrusion detection systems, anti-viruses, and the use of firewalls, hackers still find sophisticated means to steal data or impair an organization by targeting their assets. It is important that security professionals need to "think outside the box" and use new tools and techniques to mitigate threats beyond current known detections and prevention technologies. It is imperative that our infrastructure and assets are impermeable from domestic and foreign attackers. Our best line of defense is the detection of any threats or vulnerability to prevent or minimize damages of our assets from domestic and foreign attackers.

show abstract

Section: Insider and Outsider Threatsmentioning

confidence: 99%

Section: Researchmentioning

confidence: 99%

Discovering New Cyber Protection Approaches from a Security Professional Prospective

Loukaka¹,

Rahman²

2017

IJCNC

View full text Add to dashboard Cite

show abstract

“…Hua and Bapna [69] study the impact of cyber-terrorism on economy. They propose a game theoretical model to find the optimal information system security investment and investigate the economic looses caused by terrorism and common hackers.…”

Section: Electronic Warfare Gamesmentioning

confidence: 99%

“…Other work [69] investigates the impact of cyber-threats on information systems investment using game theory approach.…”

Section: Electronic Warfare Gamesmentioning

confidence: 99%

A Survey of Game Theoretic Approaches to Modelling Decision-Making in Information Warfare Scenarios

et al. 2016

View full text Add to dashboard Cite

Our increasing dependence on information technologies and autonomous systems has escalated international concern for information-and cyber-security in the face of politically, socially and religiously motivated cyber-attacks. Information warfare tactics that interfere with the flow of information can challenge the survival of individuals and groups. It is increasingly important that both humans and machines can make decisions that ensure the trustworthiness of information, communication and autonomous systems. Subsequently, an important research direction is concerned with modelling decision-making processes. One approach to this involves modelling decision-making scenarios as games using game theory. This paper presents a survey of information warfare literature, with the purpose of identifying games that model different types of information warfare operations. Our contribution is a systematic identification and classification of information warfare games, as a basis for modelling decision-making by humans and machines in such scenarios. We also present a taxonomy of games that map to information warfare and cyber crime problems as a precursor to future research on decision-making in such scenarios. We identify and discuss open research questions including the role of behavioural game theory in modelling human decision making and the role of machine decision-making in information warfare scenarios.

show abstract

“…Barriers, firewalls and other controls intended to stop external adversaries are generally ineffective for insiders, making this a major and complex security challenge [1]. Although attacks from outside the organisation are more frequent, insiders deliberately or inadvertently misusing their knowledge and access to information generate greater overall consequences [2][3][4][5]. Estimates of the costs of the average insider incident exceed US$400,000, and many incidents exceed US$1 billion in losses [6].…”

Section: Introductionmentioning

confidence: 99%

A Risk-Based Framework to Inform Prioritisation of Security Investment for Insider Threats

Sektas-Bilusich¹,

Nunes-Vaz²,

Chim³

et al. 2020

IJSSE

View full text Add to dashboard Cite

Threats to information security from inside an organisation are difficult to manage as insiders, by definition, have legitimate access to the organisation's information, consistent with their roles. Impacts of insider threats range from minor information compromise perhaps through carelessness, to catastrophic financial and reputational damage. Security managers are required to continually upgrade security measures to reduce the risk posed by insider threats, however with so many security controls to choose from, finding optimal security solutions based on benefit-cost is challenging. We have developed a risk-based framework called Security-in-Depth (SiD) where residual risk is the metric that assists the security manager to make informed decisions on which security packages contribute more to the organisation's security objectives. We present a case study to illustrate the way our framework is applied, customised to manage a range of insider threats. Uncertainties about the future threat spectrum and the future effectiveness of controls are included in the framework to inform the decisionmaking process.

show abstract

Who Can We Trust?: The Economic Impact of Insider Threats

Cited by 9 publications

References 22 publications

Discovering New Cyber Protection Approaches from a Security Professional Prospective

Discovering New Cyber Protection Approaches from a Security Professional Prospective

A Survey of Game Theoretic Approaches to Modelling Decision-Making in Information Warfare Scenarios

A Risk-Based Framework to Inform Prioritisation of Security Investment for Insider Threats

Contact Info

Product

Resources

About