Modeling Expert Judgments of Insider Threat Using Ontology Structure: Effects of Individual Indicator Threat Value and Class Membership

We describe research on a comprehensive ontology of sociotechnical and organizational factors for insider threat (SOFIT) and results of an expert knowledge elicitation study. The study examined how alternative insider threat assessment models may reflect associations among constructs beyond the relationships defined in the hierarchical class structure. Results clearly indicate that individual indicators contribute differentially to expert judgments of insider threat risk. Further, models based on ontology class structure more accurately predict expert judgments. There is some (although weak) empirical evidence that other associations among constructs—such as the roles that indicators play in an insider threat exploit—may also contribute to expert judgments of insider threat risk. These findings contribute to ongoing research aimed at development of more effective insider threat decision support tools

Developing an Unintentional Information Security Misbehavior Scale (UISMS)

Although the number of security incidents and data breaches caused by humans increasing, no well-established scale exists to measure individuals’ information security misbehaviors in interaction with the information systems. Knowing that individuals’ misbehaviors differ in term of intentions, in this research, we identify important unintentional behaviors that users may threaten security through non-malicious actions and develop a unified information security misbehaviors scale aiming to exhibit acceptable psychometric properties. We believe such a measurement tool can help researchers to investigate various causes of human errors in system-user interactions and guide practitioners to make strategic decisions in organizations. Our goal is to build a set of Likert scale questions by exploring literature, security experts’ advice, or adopting security policies implemented in organizations to find out what type of individuals’ mistakes may lead to unintentional security misbehaviors

VISTA:an inclusive insider threat taxonomy, with mitigation strategies

Insiders have the potential to do a great deal of damage, given their legitimate access to organisational assets and the trust they enjoy. Organisations can only mitigate insider threats if they understand what the different kinds of insider threats are, and what tailored measures can be used to mitigate the threat posed by each of them. Here, we derive VISTA (inclusiVe InSider Threat tAxonomy) based on an extensive literature review and a survey with C-suite executives to ensure that the VISTA taxonomy is not only scientifically grounded, but also meets the needs of organisations and their executives. To this end, we map each VISTA category of insider threat to tailored mitigations that can be deployed to reduce the threat

Impact and key challenges of insider threats on organizations and critical businesses

The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed

Isabelle Modelchecking for insider threats

The Isabelle Insider framework formalises the technique of social explanation for modeling and analysing Insider threats in infrastructures including physical and logical aspects. However, the abstract Isabelle models need some refinement to provide sufficient detail to explore attacks constructively and understand how the attacker proceeds. The introduction of mutable states into the model leads us to use the concepts of Modelchecking within Isabelle. Isabelle can simply accommodate classical CTL type Modelchecking. We integrate CTL Modelchecking into the Isabelle Insider framework. A running example of an IoT attack on privacy motivates the method throughout and illustrates how the enhanced framework fully supports realistic modeling and analysis of IoT Insiders

Experimental Investigation of Demographic Factors Related to Phishing Susceptibility

This paper reports on a simulated phishing experiment targeting 6,938 faculty and staff at George Mason University. The study examined various possible predictors of phishing susceptibility. The focus of the present paper is on demographic factors (including age, gender and position/employment). Since previous studies of age and gender have yielded discrepant results, one purpose of the study was to disambiguate these findings. A second purpose was to compare different types of email phishing exploits. A third objective was to compare the effect of different types of feedback given to those who clicked on one or more of three simulated phishing exploits that were deployed over a three-week period. Our analysis of demographic factors, effects of phishing email content, and effects of repeated exposure to phishing exploits revealed significant age effects, marginally significant gender differences, and significant differences in email type. A multi-level model estimated effects of multiple variables simultaneously

Detecting insider threat within institutions using CERT dataset and different ML techniques

The reason of countries development in industrial and commercial enterprises fields in those countries. The security of a particular country depends on its security institutions, the confidentiality of its employees, their information, the target's information, and information about the forensic evidence for those targets. One of the most important and critical problems in such institutions is the problem of discovering an insider threat that causes loss, damage, or theft the information to hostile or competing parties. This threat is represented by a person who represents one of the employees of the institution, the goal of that person is to steal information or destroy it for the benefit of another institution's desires. The difficulty in detecting this type of threat is due to the difficulty of analyzing the behavior of people within the organization according to their physiological characteristics. In this research, CERT dataset that produced by the University of Carnegie Mellon University has been used in this investigation to detect insider threat. The dataset has been preprocessed. Five effective features were selected to apply three ML techniques Random Forest, Naïve Bayes, and 1 Nearest Neighbor. The results obtained and listed sequentially as 89.75917519%, 91.96650826%, and 94.68205476% with an error rate of 10.24082481%, 8.03349174%, and 5.317945236%

Overcoming Data Breaches and Human Factors in Minimizing Threats to Cyber-Security Ecosystems

This mixed-methods study focused on the internal human factors responsible for data breaches that could cause adverse impacts on organizations. Based on the Swiss cheese theory, the study was designed to examine preventative measures that managers could implement to minimize potential data breaches resulting from internal employees\u27 behaviors. The purpose of this study was to provide insight to managers about developing strategies that could prevent data breaches from cyber-threats by focusing on the specific internal human factors responsible for data breaches, the root causes, and the preventive measures that could minimize threats from internal employees. Data were collected from 10 managers and 12 employees from the business sector, and 5 government managers in Ivory Coast, Africa. The mixed methodology focused on the why and who using the phenomenological approach, consisting of a survey, face-to-face interviews using open-ended questions, and a questionnaire to extract the experiences and perceptions of the participants about preventing the adverse consequences from cyber-threats. The results indicated the importance of top managers to be committed to a coordinated, continuous effort throughout the organization to ensure cyber security awareness, training, and compliance of security policies and procedures, as well as implementing and upgrading software designed to detect and prevent data breaches both internally and externally. The findings of this study could contribute to social change by educating managers about preventing data breaches who in turn may implement information accessibility without retribution. Protecting confidential data is a major concern because one data breach could impact many people as well as jeopardize the viability of the entire organization

Securing intellectual capital:an exploratory study in Australian universities

Purpose – To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.Design/methodology/approach – We gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. We conducted interviews with key stakeholders in Australian universities in order to validate these links.Findings – Our investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions.Research implications – There is a need to acknowledge the different roles played by actors within the university, and the relevance of information security to IC-related preservation.Practical implications – Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized.Originality/value – This is one of the first studies to explore the connections between data and information security and the three core components of IC’s knowledge security in the university context

Investigating airplane safety and security against insider threats using logical modeling

In this paper we consider the limits of formal modeling of infrastructures and the application of social explanation for the analysis of insider threats in security and safety critical areas. As an area of study for the analysis we take examples from aviation, firstly since incidents are typically well-documented and secondly since it is an important area per se. In March 2015, a Germanwings flight crashed in the French Alps in what is quite firmly believed to have been intentionally caused by the copilot who locked the pilot out of the cockpit and programmed the autopilot on constant descent. We investigate the security controls and policies in airplanes against insider threats using logical modeling in Isabelle