637 research outputs found

    Modeling Expert Judgments of Insider Threat Using Ontology Structure: Effects of Individual Indicator Threat Value and Class Membership

    We describe research on a comprehensive ontology of sociotechnical and organizational factors for insider threat (SOFIT) and results of an expert knowledge elicitation study. The study examined how alternative insider threat assessment models may reflect associations among constructs beyond the relationships defined in the hierarchical class structure. Results clearly indicate that individual indicators contribute differentially to expert judgments of insider threat risk. Further, models based on ontology class structure more accurately predict expert judgments. There is some (although weak) empirical evidence that other associations among constructs—such as the roles that indicators play in an insider threat exploit—may also contribute to expert judgments of insider threat risk. These findings contribute to ongoing research aimed at development of more effective insider threat decision support tools

    Detecting Insider Attack from Behavioral and Organizational Approach

    With alteration in many activities to digital procedures comes vulnerability. Cyber-attack risk keeps increasing for individuals and businesses. One of the attacks that could occur inside companies or organizations is an “Insider Attack”. Due to the complexity of human factors, this issue is mainly dealt with and discussed in previous studies through a technical approach. This research aims to find the correlation between the possibility of insider attacks with behavioural and organizational factors. To evaluate the difference in practice between different business sectors in Indonesia. The data were collected through semi-structured interviews with people from diverse work backgrounds conducted online. The interview was recorded and transcribed manually. The data analysis was done using tables to help the coding and correlating variable process. This research is supposed to determine the most impactful factor based on people’s views. Possible gaps were found between theories and what happened in the practice of the company or organization. This research outcome intends to give information to future research and serve as a reference to businesses and organizations about current development and gaps in a business environment.

    Keywords: Digitalization Risk, Cyber Security, Cyber attack, Insider Attack, Behavioural and Organizational Factors, Gaps, Prediction, Prevention

    Impact and key challenges of insider threats on organizations and critical businesses

    The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed

    VISTA: an inclusive insider threat taxonomy, with mitigation strategies

    Insiders have the potential to do a great deal of damage, given their legitimate access to organisational assets and the trust they enjoy. Organisations can only mitigate insider threats if they understand what the different kinds of insider threats are, and what tailored measures can be used to mitigate the threat posed by each of them. Here, we derive VISTA (inclusiVe InSider Threat tAxonomy) based on an extensive literature review and a survey with C-suite executives to ensure that the VISTA taxonomy is not only scientifically grounded, but also meets the needs of organisations and their executives. To this end, we map each VISTA category of insider threat to tailored mitigations that can be deployed to reduce the threat

    A Governance Perspective for System-of-Systems

    The operating landscape of 21st century systems is characteristically ambiguous, emergent, and uncertain. These characteristics affect the capacity and performance of engineered systems/enterprises. In response, there are increasing calls for multidisciplinary approaches capable of confronting increasingly ambiguous, emergent, and uncertain systems. System of Systems Engineering (SoSE) is an example of such an approach. A key aspect of SoSE is the coordination and the integration of systems to enable ‘system-of-systems’ capabilities greater than the sum of the capabilities of the constituent systems. However, there is a lack of qualitative studies exploring how coordination and integration are achieved. The objective of this research is to revisit SoSE utility as a potential multidisciplinary approach and to suggest ‘governance’ as the basis for enabling ‘system-of-systems’ coordination and integration. In this case, ‘governance’ is concerned with direction, oversight, and accountability of ‘system-of-systems.’ ‘Complex System Governance’ is a new and novel basis for improving ‘system-of-system’ performance through purposeful design, execution, and evolution of essential metasystem functions.

    Simulation for Cybersecurity: State of the Art and Future Directions

    In this article, we provide an introduction to simulation for cybersecurity and focus on three themes: (1) an overview of the cybersecurity domain; (2) a summary of notable simulation research efforts for cybersecurity; and (3) a proposed way forward on how simulations could broaden cybersecurity efforts. The overview of cybersecurity provides readers with a foundational perspective of cybersecurity in the light of targets, threats, and preventive measures. The simulation research section details the current role that simulation plays in cybersecurity, which mainly falls on representative environment building; test, evaluate, and explore; training and exercises; risk analysis and assessment; and humans in cybersecurity research. The proposed way forward section posits that the advancement of collecting and accessing sociotechnological data to inform models, the creation of new theoretical constructs, and the integration and improvement of behavioral models are needed to advance cybersecurity efforts

    Understanding factors that influence Unintentional Insider Threat: A framework to counteract unintentional risks

    The exploitation of so-called insiders is increasingly recognised as a common vector for cyberattacks. Emerging work in this area has considered the phenomenon from various perspectives including the technological, the psychological and the sociotechnical. We extend this work by specifically examining unintentional forms of insider threat and report the outcomes of a series of detailed Critical Decision Method (CDM) led interviews with those who have experienced various forms of unwitting cybersecurity breaches. We also articulate factors likely to contribute firmly in the context of everyday work-as-done. CDM’s probing questions were used to elicit expert knowledge around how decision making occurred prior, during and post an unintentional cyber breach whilst participants were engaged in the delivery of cognitive tasks. Through the application of grounded theory to data, emerging results included themes of decision making, task factors, accidents and organisational factors. These results are utilised to inform an Epidemiological Triangle to represent the dynamic relationship between three vectors of exploit, user and the work environment that can in turn affect the resilience of cyber defences. We conclude by presenting a simple framework, which for the purposes of this work is a set of recommendations applicable in specific scenarios to reduce negative impact for understanding unintentional insider threats. We also suggest practical means to counteract such threats rooted in the lived experience of those who have fallen prey to them