10,952 research outputs found

    A descriptive review and classification of organizational information security awareness research

    Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, were analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding

    Cyber Threat Actors for the Factory of the Future

    The increasing degree of connectivity in factory of the future (FoF) environments, with systems that were never designed for a networked environment in terms of their technical security nature, is accompanied by a number of security risks that must be considered. This leads to the necessity of relying on risk assessment-based approaches to reach a sufficiently mature cyber security management level. However, the lack of common definitions of cyber threat actors (CTA) poses challenges in untested environments such as the FoF. This paper analyses policy papers and reports from expert organizations to identify common definitions of CTAs. A significant consensus exists only on two common CTAs, while other CTAs are often either ignored or overestimated in their importance. The identified motivations of CTAs are contrasted with the specific characteristics of FoF environments to determine the most likely CTAs targeting FoF environments. Special emphasis is given to corporate competitors, as FoF environments probably provide better opportunities than ever for industrial espionage if they are not sufficiently secured. In this context, the study aims to draw attention to the research gaps in this area

    Insider threat mitigation and access control in healthcare systems

    Rapid and reliable information sharing of patient healthcare information has become critical for achieving better care with lower costs. However, such healthcare information sharing must be done securely with privacy guarantees, as required by law. Among its other requirements, the Health Insurance Portability and Accountability Act (HIPAA) requires the use of appropriate access control mechanisms to protect healthcare information. Despite these legal requirements, currently implemented access control models in the healthcare domain are typically inadequate as demonstrated by the large and increasing numbers of successful attacks on healthcare systems. In particular, current access control models do not provide sufficient protection for healthcare systems from attacks by insiders, i.e., authorized healthcare personnel. This paper examines how healthcare information can be protected from unauthorized or improper use, disclosure, alteration, and destruction by healthcare providers. Using a holistic approach toward modeling access control, the authors construct a threat model for access control in healthcare systems. The constructed model is then used to assess the effectiveness of current access control mechanisms such as Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), as well as the BiLayer Access Control (BLAC) model, which was proposed as a flexible, higher-performance replacement for both RBAC and ABAC

    Identifying Common Characteristics of Malicious Insiders

    Malicious insiders account for a large proportion of security breaches or other kinds of loss for organizations and have drawn the attention of both academics and practitioners. Although methods and mechanisms have been developed to monitor potential insiders via electronic data monitoring, few studies focus on predicting potential malicious insiders. Based on the theory of planned behavior, certain cues should be observed or expressed when an individual performs as a malicious insider. Using text mining to analyze various media content of existing insider cases, we strive to develop a method to identify crucial and common indicators that an individual might be a malicious insider. Keywords: malicious insider, insider threat, the theory of planned behavior, text mining

    Brain Betrayal: A Neuropsychological Categorization of Insider Attacks

    Thanks to an abundance of highly publicized data breaches, Information Security (InfoSec) is taking a larger place in organizational priorities. Despite the increased attention, the threat posed to employers by their own employees remains a frightening prospect studied mostly in a technical light. This paper presents a categorization of insider deviant behavior and misbehavior based off of the neuropsychological foundations of three main types of insiders posing a threat to an organization: accidental attackers; neurologically “hot” malcontents, and neurologically “cold” opportunists

    Formal Mitigation Strategies for the Insider Threat: A Security Model and Risk Analysis Framework

    The advancement of technology and reliance on information systems have fostered an environment of sharing and trust. The rapid growth and dependence on these systems, however, creates an increased risk associated with the insider threat. The insider threat is one of the most challenging problems facing the security of information systems because the insider already has capabilities within the system. Despite research efforts to prevent and detect insiders, organizations remain susceptible to this threat because of inadequate security policies and a willingness of some individuals to betray their organization. To investigate these issues, a formal security model and risk analysis framework are used to systematically analyze this threat and develop effective mitigation strategies. This research extends the Schematic Protection Model to produce the first comprehensive security model capable of analyzing the safety of a system against the insider threat. The model is used to determine vulnerabilities in security policies and system implementation. Through analysis, mitigation strategies that effectively reduce the threat are identified. Furthermore, an action-based taxonomy that expresses the insider threat through measurable and definable actions is presented. A risk analysis framework is also developed that identifies individuals within an organization that display characteristics indicative of a malicious insider. The framework uses a multidisciplinary process by combining behavior and technical attributes to produce a single threat level for each individual within the organization. Statistical analysis using the t-distribution and prediction interval on the threat levels reveal those individuals that are a potential threat to the organization. The effectiveness of the framework is illustrated using the case study of Robert Hanssen, demonstrating the process would likely have identified him as an insider threat

    10341 Abstracts Collection -- Insider Threats: Strategies for Prevention, Mitigation, and Response

    From August 22 to 26, 2010, the Dagstuhl Seminar 10341 "Insider Threats: Strategies for Prevention, Mitigation, and Response" was held in Schloss Dagstuhl - Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

    Novel Alert Visualization: The Development of a Visual Analytics Prototype for Mitigation of Malicious Insider Cyber Threats

    Cyber insider threat is one of the most difficult risks to mitigate in organizations. However, innovative validated visualizations for cyber analysts to better decipher and react to detected anomalies have not been reported in literature or in industry. Attacks caused by malicious insiders can cause millions of dollars in losses to an organization. Though there have been advances in Intrusion Detection Systems (IDSs) over the last three decades, traditional IDSs do not specialize in anomaly identification caused by insiders. There is also a profuse amount of data being presented to cyber analysts when deciphering big data and reacting to data breach incidents using complex information systems. Information visualization is pertinent to the identification and mitigation of malicious cyber insider threats. The main goal of this study was to develop and validate, using Subject Matter Experts (SME), an executive insider threat dashboard visualization prototype. Using the developed prototype, an experimental study was conducted, which aimed to assess the perceived effectiveness in enhancing the analysts’ interface when complex data correlations are presented to mitigate malicious insider cyber threats. Dashboard-based visualization techniques could be used to give full visibility of network progress and problems in real-time, especially within complex and stressful environments. For instance, in an Emergency Room (ER), there are four main vital signs used for urgent patient triage. Cybersecurity vital signs can give cyber analysts clear focal points during high severity issues. Pilots must expeditiously reference the Heads Up Display (HUD), which presents only key indicators to make critical decisions during unwarranted deviations or an immediate threat. Current dashboard-based visualization techniques have yet to be fully validated within the field of cybersecurity. This study developed a visualization prototype based on SME input utilizing the Delphi method. SMEs validated the perceived effectiveness of several different types of the developed visualization dashboard. Quantitative analysis of SMEs’ perceived effectiveness via self-reported value and satisfaction data as well as qualitative analysis of feedback provided during the experiments using the prototype developed were performed. This study identified critical cyber visualization variables and identified visualization techniques. The identifications were then used to develop QUICK.v™, a prototype to be used when mitigating potentially malicious cyber insider threats. The perceived effectiveness of QUICK.v™ was then validated. Insights from this study can aid organizations in enhancing cybersecurity dashboard visualizations by depicting only critical cybersecurity vital signs

    A New Role for Human Resource Managers: Social Engineering Defense

    [Excerpt] The general risk of social engineering attacks to organizations has increased with the rise of digital computing and communications, while for an attacker the risk has decreased. In order to counter the increased risk, organizations should recognize that human resources (HR) professionals have just as much responsibility and capability in preventing this risk as information technology (IT) professionals. Part I of this paper begins by defining social engineering in context and with a brief history of pre-digital age attacks. It concludes by showing the intersection of HR and IT through examples of operational attack vectors. In part II, the discussion moves to a series of measures that can be taken to help prevent social engineering attacks