Model based analysis of insider threats

In order to detect malicious insider attacks it is important to model and analyse infrastructures and policies of organisations and the insiders acting within them. We extend formal approaches that allow modelling such scenarios by quantitative aspects to enable a precise analysis of security designs. Our framework enables evaluating the risks of an insider attack to happen quantitatively. The framework first identifies an insider's intention to perform an inside attack, using Bayesian networks, and in a second phase computes the probability of success for an inside attack by this actor, using probabilistic model checking. We provide prototype tool support using Matlab for Bayesian networks and PRISM for the analysis of Markov decision processes, and validate the framework with case studies

Assessing and mitigating the impact of organisational change on counterproductive work behaviour: An operational (dis)trust based framework.:Full Report

This report comprises the findings of CREST funded research into organisational change and insider threat. It outlines the individual, social and organisational factors that over time, can contribute to negative employee perceptions and experiences.These factors can produce a reduction in an employee’s psychological attachment to, and trust in, their employing organisation which then allows them to undertake Counterproductive Work Behaviour (CWB). CWB concerns action which threatens the effectiveness, or harms the safety of, an employer and its stakeholders.It can develop from small scale discretions (e.g., time wasting, or knowledge hiding) into serious insider threat activities (e.g., destroying systems or exchanging confidential information with malicious others). Following past research linking CWB to both organisational change and trust breach, the aim of the study was to produce a (dis)trust based framework for predicting, identifying and mitigating counterproductive work behaviour and insider threat within the context of organisational change.We posed the following research questions:1. What effect does organisational change have in relation to counterproductive work behaviour (CWB) and insider threat acts?2. What role does (dis)trust play in CWB during organisational change?3. What preventative measures can be taken by organisations to help mitigate CWB and insider threat in organisational change initiatives?To address these questions, we collected empirical data from a case study organisation undergoing change: two sets of interviews, i.) with selected managers and staff outlining the key changes in the organisation, ii.) with a range of stakeholders involved in/privy to one of three insider threat case studies in two different departments, iii.) a review of HR and security paperwork on the insider threat cases, and then, iv.) anonymous surveys of the workforce in the same two departments in which our case studies occurred. Using these methods, we explored individuals’ cognitions and emotions to understand why while some employees remain engaged, loyal and trusting during change, others become disengaged, distrusting and behave in deviant ways

Mitigating Insider Threat Risks in Cyber-physical Manufacturing Systems

Cyber-Physical Manufacturing System (CPMS)—a next generation manufacturing system—seamlessly integrates digital and physical domains via the internet or computer networks. It will enable drastic improvements in production flexibility, capacity, and cost-efficiency. However, enlarged connectivity and accessibility from the integration can yield unintended security concerns. The major concern arises from cyber-physical attacks, which can cause damages to the physical domain while attacks originate in the digital domain. Especially, such attacks can be performed by insiders easily but in a more critical manner: Insider Threats. Insiders can be defined as anyone who is or has been affiliated with a system. Insiders have knowledge and access authentications of the system\u27s properties, therefore, can perform more serious attacks than outsiders. Furthermore, it is hard to detect or prevent insider threats in CPMS in a timely manner, since they can easily bypass or incapacitate general defensive mechanisms of the system by exploiting their physical access, security clearance, and knowledge of the system vulnerabilities. This thesis seeks to address the above issues by developing an insider threat tolerant CPMS, enhanced by a service-oriented blockchain augmentation and conducting experiments & analysis. The aim of the research is to identify insider threat vulnerabilities and improve the security of CPMS. Blockchain\u27s unique distributed system approach is adopted to mitigate the insider threat risks in CPMS. However, the blockchain limits the system performance due to the arbitrary block generation time and block occurrence frequency. The service-oriented blockchain augmentation is providing physical and digital entities with the blockchain communication protocol through a service layer. In this way, multiple entities are integrated by the service layer, which enables the services with less arbitrary delays while retaining their strong security from the blockchain. Also, multiple independent service applications in the service layer can ensure the flexibility and productivity of the CPMS. To study the effectiveness of the blockchain augmentation against insider threats, two example models of the proposed system have been developed: Layer Image Auditing System (LIAS) and Secure Programmable Logic Controller (SPLC). Also, four case studies are designed and presented based on the two models and evaluated by an Insider Attack Scenario Assessment Framework. The framework investigates the system\u27s security vulnerabilities and practically evaluates the insider attack scenarios. The research contributes to the understanding of insider threats and blockchain implementations in CPMS by addressing key issues that have been identified in the literature. The issues are addressed by EBIS (Establish, Build, Identify, Simulation) validation process with numerical experiments and the results, which are in turn used towards mitigating insider threat risks in CPMS

Insider trading: regulation, securities markets, and welfare under risk neutrality

I evaluate in this paper the impact of insider trading regulation (ITR) on a securities market and on social welfare. I show that ITR has both beneficial and detrimental effects on a securities market. In terms of welfare, I show that ITR has a purely redistributive effect; that is, it generates trading gains and trading losses that cancel out at the aggregate level. However, the goods and services that could have been produced with the resources allocated to enforce such a wealth redistribution are a net social cost of restricting insider trading. Finally, although I establish two conditions under which ITR is beneficial, I argue that neither condition provides sufficient support to the imposition of such a regulation

Space, Place, Common Wounds and Boundaries: Insider/Outsider Debates in Research with Black Women and Deaf Women

The chapter discusses issues of identity in research. It does this by examining the impacts of the identity of the researcher, participants, and the various identity interchanges that take place. This chapter draws on the perspectives and experiences of participants and researcher in a PhD study with five (Six Deaf women were interviewed but one withdrew due to a conflict of interest.) culturally Deaf (white) women and 25 Black (hearing) women discussing their world of work in UK public sector organizations. The theoretical framework of “Africanist Sista-hood in Britain” is that which underpins the positioning of the research and researcher. The chapter provides a reflexive account of the research but in a way that centralizes participant perspectives. Two goals have been achieved; firstly, it adds further contribution to the insider/outsider debate by adding participant perspectives on the issue, and secondly, it demonstrates the ways in which the theoretical framework of “Africanist Sista-hood in Britain” can be used in research not just with Black women but also via collaborative approaches with other social groups. In so doing, the chapter raises a number of important questions: Should researchers seek out participant perspectives on the insider/outsider debates in research? In what ways does the identity interchange between researcher and researched have an impact on the research process? What does Africanist Sista-hood in Britain have to offer to Black women and others carrying out research in the field

Teaching Buddhism in Britain's schools : redefining the insider role

Dialogical approaches to Religious Education in Britain’s schools have opened the subject to input by Buddhist insiders more than ever in its history although shortcomings remain in the way Buddhism is portrayed in the classroom. With the proviso that insider input can move beyond the ‘do-ut-des’ religious style, this paper describes eight possible areas of classroom experience where Buddhist insiders can make a beneficial contribution. Of these, examples could be found in the educational literature where insider input through home nurture, teaching materials, teacher expertise, insider input and pedagogy had already been applied to good effect in the classroom. However, in the areas of the Agreed Syllabuses for RE, school ethos and national representation input was found lacking or skewed toward 'convert' Buddhist expectations, while the voice of the more numerous 'migrant' Buddhist community remained relatively unheard

Negotiating and Navigating the Rough Terrain of Transnational Feminist Research

This article examines aspects of feminist methodology pertinent to carrying out transnational research within an era of globalization. I explore the use of self-reflexivity, engagement with conceptualizations of insider/outsider, and the employment of feminist critiques of notions of objectivity within the research process as feminist methodological tools relevant to transnational feminist research. I argue that in an age of globalization, such methodological frameworks and tools are necessary in research committed to feminist contestations of globalization in that the nature of transnational research sustains an ever dynamic and shifting landscape of personal, political, and geographical relationships. This article draws upon my experiences carrying out transnational research in Ireland and the United States for my PhD dissertation between 2003 and 200