1,752 research outputs found

    Detecting insider threat within institutions using CERT dataset and different ML techniques

    The reason of countries development in industrial and commercial enterprises fields in those countries. The security of a particular country depends on its security institutions, the confidentiality of its employees, their information, the target's information, and information about the forensic evidence for those targets. One of the most important and critical problems in such institutions is the problem of discovering an insider threat that causes loss, damage, or theft of information to hostile or competing parties. This threat is represented by a person who is one of the employees of the institution; the goal of that person is to steal information or destroy it for the benefit of another institution's desires. The difficulty in detecting this type of threat is due to the difficulty of analyzing the behavior of people within the organization according to their physiological characteristics. In this research, the CERT dataset produced by Carnegie Mellon University has been used to detect insider threat. The dataset has been preprocessed. Five effective features were selected to apply three ML techniques: Random Forest, Naïve Bayes, and 1 Nearest Neighbor. The results obtained are listed sequentially as 89.75917519%, 91.96650826%, and 94.68205476% with an error rate of 10.24082481%, 8.03349174%, and 5.317945236%

    Multiple Case Study Approach to Identify Aggravating Variables of Insider Threats in Information Systems

    Malicious insiders present a serious threat to information systems due to privilege of access, knowledge of internal computer resources, and potential threats on the part of disgruntled employees or insiders collaborating with external cybercriminals. Researchers have extensively studied insiders’ motivation to attack from the broader perspective of the deterrence theory and have explored the rationale for employees to disregard/overlook security policies from the perspective of neutralization theory. This research takes a step further: we explore the aggravating variables of insider threat using a multiple case study approach. Empirical research using black hat analysis of three case studies of insider threats suggests that, while neutralization plays an important role in insider attacks, it takes a cumulative set of aggravating factors to trigger an actual data breach. By identifying and aggregating the variables, this study presents a predictive model that can guide IS managers to proactively mitigate insider threats. Given the economic and legal ramifications of insider threats, this research has implications relevant for both academics and security practitioners

    A critical reflection on the threat from human insiders--its nature, industry perceptions, and detection approaches

    Organisations today operate in a world fraught with threats, including “script kiddies”, hackers, hacktivists and advanced persistent threats. Although these threats can be harmful to an enterprise, a potentially more devastating and anecdotally more likely threat is that of the malicious insider. These trusted individuals have access to valuable company systems and data, and are well placed to undermine security measures and to attack their employers. In this paper, we engage in a critical reflection on the insider threat in order to better understand the nature of attacks, associated human factors, perceptions of threats, and detection approaches. We differentiate our work from other contributions by moving away from a purely academic perspective, and instead focus on distilling industrial reports (i.e., those that capture practitioners’ experiences and feedback) and case studies in order to truly appreciate how insider attacks occur in practice and how viable preventative solutions may be developed

    Dynamics of development of economic crime and combating crime in different regions of the world

    The globalization of economic relations and the computerization of all spheres of life create favorable conditions for the commission of economic crimes, which is a problem not only of a national level but also an international one. The aim of the scientific article is to establish the level of economic crime in the world and certain countries, to determine its dynamics, to establish the causes of economic crimes in international relations, their consequences and to suggest ways to combat economic crime. Achieving this goal was carried out using the elemental and theoretical method, as well as using methods of comparison, analysis, generalization and analogy. The dynamics of economic crime at the international level is determined, which shows an increase in the commission of these crimes

    Mitigation of Insider Attacks through Multi-Cloud

    The malicious insider can be an employee, user and/or third party business partner. In a cloud environment, clients may store sensitive data about their organization in cloud data centers. The cloud service provider should ensure integrity, security, access control and confidentiality of the data stored at cloud data centers. Malicious insiders can steal sensitive data at cloud storage and at organizations. Most organizations ignore the insider attack because it is harder to detect and mitigate. This is a major emerging problem at cloud data centers as well as in organizations. In this paper, we proposed a method that ensures security, integrity, access control and confidentiality of sensitive data of cloud clients by employing multiple cloud service providers. The organization should encrypt the sensitive data with their security policy and procedures and store the encrypted data in a trusted cloud. The keys which are used during the encryption process are again encrypted and stored in another cloud area, so that the organization contains only keys for keys of encrypted data. The Administrator of the organization also does not know what data is kept in the cloud area and, if he accesses the data, is easily caught during the auditing. Hence, only the authorized user can access the data and use it, and we can mitigate insider attacks by providing restricted privileges

    On the Clock, Best Bet to Draft Cyberdefensive Linemen: Federal Regulation of Sports Betting from a Cybersecurity Perspective

    On May 14, 2018, Justice Alito delivered the majority opinion for the United States Supreme Court in Murphy v. National Collegiate Athletic Association (NCAA). The Professional and Amateur Protection Act (PASPA), a twenty-six-year-old federal statute, was deemed unconstitutional; thus, this decision allows state legislatures to legalize sports betting within their borders. With many states independently legalizing sports gambling, the regulatory landscape throughout the country is becoming a patchwork of state statutes. Additionally, top tier sporting organizations heavily depend on data analytics to formulate game plan strategy, train efficiently, rehab player injuries, gauge team and player performance, etc. The popularity of sports gambling continues to grow in the United States, and the proliferation of data usage will only expand as teams and players seek a competitive advantage. However, sports teams and athletes are not the only entities seeking an edge, as hackers will attempt to steal private and proprietary data for a significant edge when placing sports bets. It is imperative that leagues, teams, sports betting operators, and legislators must not overlook the cybersecurity component when regulating the industry. This Note argues that federal regulatory oversight is the most favorable approach from a cybersecurity perspective, and states can build on this framework as they see fit. Federal agencies, such as the Federal Trade Commission (FTC), Securities Exchange Commission (SEC), and federal law enforcement agencies, are well-versed in persistent cybersecurity issues and compliance regulations. A central, federal regulatory model is advantageous to the growth and integrity of the blossoming sports gambling industry and the established sports industry