18 research outputs found

    Insider Threats' Behaviors and Data Security Management Strategies

    As insider threats and data security management concerns become more prevalent, the identification of risky behaviors in the workplace is crucial for the privacy of individuals and the survival of organizations. The purpose of this three-round qualitative Delphi study was to identify real-time consensus among 25 information technology (IT) subject matter experts (SMEs) in the Washington metropolitan area about insider threats and data security management. The SMEs participating in this study were adult IT professionals and senior managers with certification in their area of specialization and at least 5 years of practical experience. The dark triad theory was the conceptual framework used for describing behaviors attributed to reasons and motivators for insider threats in public and private organizations. The research questions pertained to reasons and motivators for insider threats in organizations, security strategies and early interventions used, and potential policies and procedures to manage insider threats’ access to systems. One open-ended survey and two closed-ended surveys were disseminated via Survey Monkey. Data analysis consisted of data reduction through consolidation, data display, and data verification. Data were analyzed through categorization and direct interpretation using a 5-point Likert agreement scale. The findings revealed consensus about reasons and motivators such as insufficient guidelines and training, lack of background investigations, and financial gain and money; security strategies and early interventions; and policies and procedures to manage insider threats’ access to systems. Overall, training was the most important element preventing insider threats. The findings may inform how organizations build safe working environments that increase employee recruitment, retention, and loyalty while reducing identity theft and increasing data security in organizations

    Cyberterrorism: A postmodern view of networks of terror and how computer security experts and law enforcement officials fight them.

    The purpose of this study is to investigate how cyberterrorists create networks in order to engage in malicious activities against the Internet and computers. The purpose of the study is also to understand how computer security labs (i.e., in universities) and various agencies (that is, law enforcement agencies such as police departments and the FBI) create joint networks in their fight against cyberterrorists. This idea of analyzing the social networks of two opposing sides rests on the premise that it takes networks to fight networks. The ultimate goal is to show that, because of the postmodern nature of the Internet, the fight between networks of cyberterrorists and networks of computer security experts (and law enforcement officials) is a postmodern fight. Two theories are used in this study: social network theory and game theory. This study employed qualitative methodology and data were collected via in-depth conversational (face-to-face) interviewing. Twenty-seven computer security experts and law enforcement officials were interviewed. Overall, this study found that cyberterrorists tend not to work alone. Rather, they team up with others through social networks. It was also found that it takes networks to fight networks. As such, it is necessary for experts and officials to combine efforts, through networking, in order to combat, let alone understand, cyberterrorist networks. Of equal relevance is the fact that law enforcement agents and computer security experts do not always engage in battle with cyberterrorists. They sometimes try to interact with them in order to obtain more information about their networks (and vice versa). Finally, four themes were identified from the participants' accounts: (1) postmodern state of chaos, (2) social engineering, (3) know thy enemy, and (4) the enemy of my enemy is my friend.

    A Psychosocial Behavioral Attribution Model: Examining the Relationship Between the “Dark Triad” and Cyber-Criminal Behaviors Impacting Social Networking Sites

    This study proposes that individual personality characteristics and behavioral triggering effects come together to motivate online victimization. It draws from psychology’s current understanding of personality traits, attribution theory, and criminological research. This study combines the current computer deviancy and hacker taxonomies with that of the Dark Triad model of personality mapping. Each computer deviant behavior is identified by its distinct dimensions of cyber-criminal behavior (e.g., unethical hacking, cyberbullying, cyberstalking, and identity theft) and analyzed against the Dark Triad personality factors (i.e., narcissism, Machiavellianism, and psychopathy). The goal of this study is to explore whether there are significant relationships among the Dark Triad personality traits and specific cyber-criminal behaviors within social network sites (SNSs). The study targets offensive security engineers and computer deviants from specific hacker conferences and from websites that discuss or promote computer deviant behavior (e.g., hacking). Additional sampling is taken from a general population of SNS users. Using a snowball sampling method, 235 subjects completed an anonymous, self-report survey that includes items measuring computer deviance, personality traits, and demographics. Results yield that there was no significant relationship between Dark Triad and cyber-criminal behaviors defined in the perceived hypotheses. The final chapter of the study summarizes the results and discusses the mechanisms potentially underlying the findings. In the context of achieving the latter objective, exploratory analyses are incorporated and partly relied upon. It also includes a discussion concerning the implications of the findings in terms of providing theoretical insights on the Dark Triad traits and cyber-criminal behaviors more generally

    Cyber Law and Espionage Law as Communicating Vessels

    Professor Lubin's contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realm.

    Modeling Deception for Cyber Security

    In the era of software-intensive, smart and connected systems, the growing power and sophistication of cyber attacks pose increasing challenges to software security. The reactive posture of traditional security mechanisms, such as anti-virus and intrusion detection systems, has not been sufficient to combat a wide range of advanced persistent threats that currently jeopardize systems operation. To mitigate these extant threats, more active defensive approaches are necessary. Such approaches rely on the concept of actively hindering and deceiving attackers. Deceptive techniques allow for additional defense by thwarting attackers’ advances through the manipulation of their perceptions. Manipulation is achieved through the use of deceitful responses, feints, misdirection, and other falsehoods in a system. Of course, such deception mechanisms may result in side-effects that must be handled. Current methods for planning deception chiefly portray attempts to bridge military deception to cyber deception, providing only high-level instructions that largely ignore deception as part of the software security development life cycle. Consequently, little practical guidance is provided on how to engineer deception-based techniques for defense. This PhD thesis contributes a systematic approach to specify and design cyber deception requirements, tactics, and strategies. This deception approach consists of (i) a multi-paradigm modeling for representing deception requirements, tactics, and strategies, (ii) a reference architecture to support the integration of deception strategies into system operation, and (iii) a method to guide engineers in deception modeling. A tool prototype, a case study, and an experimental evaluation show encouraging results for the application of the approach in practice. Finally, a conceptual coverage mapping was developed to assess the expressivity of the deception modeling language created.
    In the digital era, the growing power and sophistication of cyber attacks present constant challenges to software security. The reactive posture of traditional security mechanisms, such as antivirus and intrusion detection systems, has not been sufficient to combat the wide range of threats that compromise the operation of today's software systems. To mitigate these threats, active defensive approaches are necessary. Such approaches are based on the idea of adding mechanisms to deceive adversaries (from the English "deception"). Deception techniques (in Portuguese "enganação", "the act or effect of deceiving, of leading into error; a ruse used to delude") contribute to defense by frustrating attackers' advances through manipulation of their perceptions. Manipulation is achieved through deceptive responses, "feints", or erroneous indications and other falsehoods intentionally added to a system. Of course, these deception mechanisms may result in side effects that must be handled. The current methods used to deceive an attacker are fundamentally inspired by techniques from the military domain, providing only high-level instructions that largely ignore deception as part of the secure software development life cycle. Consequently, there are few practical references on how to produce deception-based defense techniques. This doctoral thesis contributes a systematic approach to specify and design cyber deception requirements, tactics, and strategies. This approach consists of (i) a multi-paradigm modeling for representing deception requirements, tactics, and strategies, (ii) a reference architecture to support the integration of deception strategies into the operation of a system, and (iii) a method to guide engineers in deception modeling. A prototype tool, a case study, and an experimental evaluation show encouraging results for the application of the approach in practice. Finally, the expressivity of the deception modeling language is assessed through a concept coverage mapping.

    Cyber Humanitarian Interventions: The viability and ethics of using cyber-operations to disrupt perpetrators’ means and motivations for atrocities in the digital age

    In the contemporary digital age, mass atrocity crimes are increasingly promoted and organised online. Yet, little attention has been afforded to the question of whether proactive cyberspace operations might be used for human protection purposes. Beginning with the framework of the Responsibility to Protect (R2P), this thesis asks: How might cyber-operations be used ethically to protect populations from mass atrocity crimes? To answer this question, I introduce the concept of ‘cyber humanitarian interventions’, and argue that such measures can be used to disrupt potential perpetrators’ means and motivations for atrocities. Specifically, I contend that cyber humanitarian interventions can be used to frustrate potential perpetrators’ communication channels, logistical supply chains, and funding, as well as to stymie potential perpetrators’ desire for violence via online, targeted, tailor-made campaigns based on their big data. These capabilities can be used in an ethically acceptable manner, and thus ought to be pursued prior to the resort to other more forceful measures to protect. Moreover, and perhaps more controversially, I argue that, in some circumstances, there is a qualified responsibility to deceive potential perpetrators – via online disinformation – in order to fulfil responsibilities to protect. This thesis seeks to make three key contributions. First, it contributes to extant literatures on R2P, atrocity prevention, and cyberspace by offering cyber humanitarian interventions as a hitherto neglected tool for human protection. Second, it furthers ethical debates on atrocity prevention by providing an in-depth analysis of how cyber humanitarian interventions can be deployed ethically. Third, it challenges prevailing conceptions of disinformation by arguing that there is, in fact, a qualified responsibility to deceive potential perpetrators into not committing atrocities via online disinformation. In sum, this thesis aims to bring 21st century capabilities to bear on centuries-old crimes, and highlights cyber humanitarian interventions as a more peaceful, cost-effective, and politically palatable tool to protect vulnerable populations from mass atrocity crimes.

    Thematic Collection of Papers of International Significance. Volume 3 / International Scientific Conference “Archibald Reiss Days”, Belgrade, 10-11 March 2016.

    In front of you is the Thematic Collection of Papers presented at the International Scientific Conference “Archibald Reiss Days”, which was organized by the Academy of Criminalistic and Police Studies in Belgrade, in co-operation with the Ministry of Interior and the Ministry of Education, Science and Technological Development of the Republic of Serbia, National Police University of China, Lviv State University of Internal Affairs, Volgograd Academy of the Russian Internal Affairs Ministry, Faculty of Security in Skopje, Faculty of Criminal Justice and Security in Ljubljana, Police Academy “Alexandru Ioan Cuza“ in Bucharest, Academy of Police Force in Bratislava and Police College in Banjaluka, and held at the Academy of Criminalistic and Police Studies, on 10 and 11 March 2016. The International Scientific Conference “Archibald Reiss Days” is organized for the sixth time in a row, in memory of the founder and director of the first modern higher police school in Serbia, Rodolphe Archibald Reiss, PhD, after whom the Conference was named. The Thematic Collection of Papers contains 165 papers written by eminent scholars in the field of law, security, criminalistics, police studies, forensics, informatics, as well as by members of national security system participating in education of the police, army and other security services from Belarus, Bosnia and Herzegovina, Bulgaria, China, Croatia, Greece, Hungary, Macedonia, Montenegro, Romania, Russian Federation, Serbia, Slovakia, Slovenia, Spain, Switzerland, Turkey, Ukraine and United Kingdom. Each paper has been double-blind peer reviewed by two reviewers, international experts competent for the field to which the paper is related, and the Thematic Conference Proceedings in whole has been reviewed by five competent international reviewers. 
The papers published in the Thematic Collection of Papers contain the overview of contemporary trends in the development of police education system, development of the police and contemporary security, criminalistic and forensic concepts. Furthermore, they provide us with the analysis of the rule of law activities in crime suppression, situation and trends in the above-mentioned fields, as well as suggestions on how to systematically deal with these issues. The Collection of Papers represents a significant contribution to the existing fund of scientific and expert knowledge in the field of criminalistic, security, penal and legal theory and practice. Publication of this Collection contributes to improving of mutual cooperation betw