Contextualising the insider threat: a mixed method study
Related papers
Redefining insider threats: a distinction between insider hazards and insider threats
Security Journal, 2020
This article suggests a new definition of insiders and insider threats. It refrains from applying a harm-oriented perspective that concentrates on the insider's intention to cause harm because it defines the insider threat either too narrow or too broad. Instead, a privilege-oriented perspective is applied that focuses on the insider's intention to misuse his privileged access to or knowledge about the organizational assets. Because existing privilege-oriented definitions refrain from making an explicit and clear-cut division between intentional and unintentional misuse of privilege, a new conceptualization is suggested that distinguishes insider hazards from insider threats. If the insider unintentionally misuses his insider privilege, it concerns an insider hazard. If the insider intentionally misuses his insider privilege, it is regarded as an insider threat.
Unintentional Insider Threat: Contributing Factors, Observables, and Mitigation Strategies
2014 47th Hawaii International Conference on System Sciences, 2014
Organizations often suffer harm from individuals who bear them no malice but whose actions unintentionally expose the organizations to risk in some way. This paper examines initial findings from research on such cases, referred to as unintentional insider threat (UIT). The goal of this paper is to inform government and industry stakeholders about the problem and its possible causes and mitigation strategies. As an initial approach to addressing the problem, we developed an operational definition for UIT, reviewed research relevant to possible causes and contributing factors, and provided examples of UIT cases and their frequencies across several categories. We conclude the paper by discussing initial recommendations on mitigation strategies and countermeasures.
Insiders Behaving Badly: Addressing Bad Actors and Their Actions
IEEE Transactions on Information Forensics and Security, 2000
We present a framework for describing insiders and their actions based on the organization, the environment, the system, and the individual. Using several real examples of unwelcome insider action (hard drive removal, stolen intellectual property, tax fraud, and proliferation of e-mail responses), we show how the taxonomy helps in understanding how each situation arose and could have been addressed. The differentiation among types of threats suggests how effective responses to insider threats might be shaped, what choices exist for each type of threat, and the implications of each. Future work will consider appropriate strategies to address each type of insider threat in terms of detection, prevention, mitigation, remediation, and punishment.
Organizational Vulnerability to Insider Threat
Communications in Computer and Information Science, 2016
Approaches to the study of organizational vulnerabilities to intentional insider threat have been narrow in focus. Cyber security research has dominated other forms of insider threat research [1]. However, within the scope of cyber security, the effort is predominantly focused on external threats or technological mitigation strategies. Deeper understanding of organizational vulnerabilities influencing insider threat and responses to insider threats beyond technological security remains limited in Australia. Despite the increasing potential threat and impact of such risk to organizations, empirical studies remain rare. This paper presents an initial study related to identifying organizational vulnerabilities associated with intentional insider threat. A Delphi Method was employed as part of a broader mixed methods study. There was a strong consensus amongst Australian experts as to the primary organizational vulnerabilities to insider threat. These main risks extend across personnel, process, technological and strategic (resource allocation) domains. The organizational vulnerabilities identified by Australian experts are consistent with research, literature, and guidelines available from other countries. The results confirm the need to look beyond the narrow focus on individuals and technology in order to fully address the insider threat problem. Whilst only preliminary results are presented here, future analysis of data will focus on identifying best practice solutions for the Australian market.
Understanding Insider Threat: A Framework for Characterising Attacks
2014 IEEE Security and Privacy Workshops, 2014
The threat that insiders pose to businesses, institutions and governmental organisations continues to be of serious concern. Recent industry surveys and academic literature provide unequivocal evidence to support the significance of this threat and its prevalence. Despite this, however, there is still no unifying framework to fully characterise insider attacks and to facilitate an understanding of the problem, its many components and how they all fit together. In this paper, we focus on this challenge and put forward a grounded framework for understanding and reflecting on the threat that insiders pose. Specifically, we propose a novel conceptualisation that is heavily grounded in insider-threat case studies, existing literature and relevant psychological theory. The framework identifies several key elements within the problem space, concentrating not only on noteworthy events and indicators (technical and behavioural) of potential attacks, but also on attackers (e.g., the motivation behind malicious threats and the human factors related to unintentional ones), and on the range of attacks being witnessed. The real value of our framework is in its emphasis on bringing together and defining clearly the various aspects of insider threat, all based on real-world cases and pertinent literature. This can therefore act as a platform for general understanding of the threat, and also for reflection, modelling past attacks and looking for useful patterns.
Behavioral science guidelines for assessing insider threats
2008
This brochure presents a framework to view threats made by an insider that are targeted or intentional (as opposed to negligent or unintentional) and that involve some degree of deliberation (as opposed to those that may be considered impulsive). The framework was developed with the assumption that it must:
Effective Dealing with Insider Threats a Comparison of Qualitative and Quantitative Research
Asian Journal of Research in Computer Science
This paper studies and compares qualitative and quantitative research papers to find what research methodology is having disengages and disadvantages of such research. This paper is based mainly on two articles to do the said comparison. The relevant articles that have been selected on the main theme of the research study will be discussed. It can be understood that these findings are also based on the literature review of the study because all the data are gathered from secondary resources.
A behavioral theory of insider-threat risks
ACM Transactions on Modeling and Computer Simulation, 2008
The authors describe a behavioral theory of the dynamics of insider-threat risks. Drawing on data related to information technology security violations and on a case study created to explain the dynamics observed in that data, the authors constructed a system dynamics model of a theory of the development of insider-threat risks and conducted numerical simulations to explore the parameter and response spaces of the model. By examining several scenarios in which attention to events, increased judging capabilities, better information, and training activities are simulated, the authors theorize about why information technology security effectiveness changes over time.
THE INSIDER THREAT – UNDERSTANDING THE ABERRANT THINKING OF THE ROGUE “TRUSTED AGENT”
ECIS, European Conference on Information Systems
A deficiency exists in the Information Systems Security literature because of the paucity of research aimed at understanding the mind of the ‘insider criminal’. Much of the academic and popular press focuses on external breaches but the greatest danger to an organisation lurks within. Whatever the motivation, the ‘trusted agent’ inside the organisation has the potential to do more damage than an anonymous outsider and it is by increasing our understanding of this threat that we will get greater value for our defence efforts. While acknowledging that a significant number of security incidents are attributable to employees, it is important to remember in an organisational context, that simply increasing security controls and sanctions has previously been shown to be counterproductive. Therefore this research-in-progress takes the approach of increasing our understanding of how such offenders think, through a synthesis of Rational Choice Theory, Deterrence Theory, Neutralisation Theory and elements from Criminological Theory. In deliberately prioritising problems that are important in practice and basing our measures on these priorities we will improve on the contextual relevance of previous studies in this area, thereby making a solid contribution to the field.
Security Journal, 2017
Any organisation is susceptible to a breach of security from outside: hacking, product contamination, theft of intellectual property and so on. Although all of these are risks to an organisation and can be highly deleterious to its financial health and reputation, the threat posed by a malevolent insider can be even more challenging. Whilst there has been a large quantity of academic articles and industry surveys produced on the theme of Insider Threats, the majority of this published work is descriptive or details the effects of insiders' actions. This paper provides initial thoughts around some practical and pragmatic steps to begin to gain clarity on the challenge of insider threat and how organisations may draw on novel approaches to grow early warning, response and mitigation against Insider Threats. The paper also discusses the importance of security culture and risk communication.