2 research outputs found

    Exploring the motivation behind cybersecurity insider threat and proposed research agenda

    Cyber exploitation and malicious activities have become more sophisticated. Insider threat is one of the most significant cyber security threat vectors, while posing a great concern to corporations and governments. An overview of the fundamental motivating forces and motivation theory is discussed. Such an overview is provided to identify motivations that lead trusted employees to become insider threats in the context of cyber security. A research agenda with two sequential experimental research studies is outlined to address the challenge of insider threat mitigation by a prototype development. The first proposed study will classify data intake feeds, as recognized and weighted by cyber security experts, in an effort to establish predictive analytics of novel correlations of activities that may lead to cyber security incidents. It will also develop an approach to identify how user activities can be compared against an established baseline, the user’s network cyber security pulse, with visualization of simulated users’ activities. Additionally, the second study will explain the process of assessing the usability of a developed visualization prototype that intends to present correlated suspicious activities requiring immediate action. Successfully developing the proposed prototype via feeds aggregation and an advanced visualization from the proposed research could assist in the mitigation of malicious insider threat.

    Database functionalities for evolving monitoring applications

    Databases are able to store, manage, and retrieve large amounts and a broad variety of data. However, the task of understanding and reacting to the data is often left to tools or user applications outside the database. As a consequence, monitoring applications often rely on problem-specific imperative code for data analysis, scattering the application logic. This usually leads to island solutions which are hard to maintain and give rise to security and performance problems due to the separation of data storage and analysis. In this paper, we identify missing database functionalities which overcome these problems by allowing data processing on a higher level of abstraction. Such functionalities would allow employing a database system even for the complex analysis tasks required in evolving monitoring scenarios.