63,805 research outputs found

    EMPLOYEE INTENTION TO WHISTLEBLOW INFORMATION SECURITY POLICY VIOLATION

    Insider abuse has always been a significant threat to information security management in organizations. In order to address this issue, in this research we propose whistleblowing as a complementary measure to other existing approaches to strengthen internal information security management. In particular, we focus on an investigation of employee intention to whistle-blow information security policy (ISP) violation. Drawing on the theory of planned behavior and rational choice theory, we develop a theoretical model to understand the factors at the organizational and individual levels that might influence whistleblowing attitude and whistleblowing intention. Through a survey-based empirical investigation, we anticipate the results to enhance our existing knowledge on management of insider abuse against information security policy within organizations.

    Outsourcing Information Technology and the Insider Threat

    As one of our nation's top critical infrastructures, telecommunications is an essential element of many aspects of our lives upon which we, as a society, are becoming increasingly dependent. Computers, digital telephone switches, and interconnected information technology (IT) systems impact finances, travel, infrastructure management, and missions of national defense. This research examined whether the trend in increased outsourcing of information technology systems is a significant contributing factor to a reportedly increasing amount of insider attacks. In light of changing social, global economic, and technological conditions, the paradigm in which risk analysis, management practices, and operational and personnel security practices are applied to protect information has shifted over the last decade. A comprehensive model of the discursive nature of the insider threat in the outsourced IT environment was developed using a qualitative grounded theory approach put forth by Glaser and Strauss in 1967. The theory generated by this research suggests a multidimensional real and growing threat resulting from outsourced IT as well as preconditions for continued future growth of the insider threat phenomenon.

    Mitigating Insider Threat using Human behavior Influence Models

    Insider threat is rapidly becoming the largest information security problem that organizations face. With large numbers of personnel having access to internal systems, it is becoming increasingly difficult to protect organizations from malicious insiders. The typical methods of mitigating insider threat are simply not working, primarily because this threat is a people problem, and most mitigation strategies are geared towards profiling and anomaly detection, which are problematic at best. As a result, a new type of model is proposed in this thesis, one that incorporates risk management with human behavioral science. The new risk-based model focuses on observable influences that affect employees, and identifies employees with increased risk of becoming malicious insiders. The model's primary purpose is to differentiate malicious and non-malicious employees. This research details the need for the model, the model's components, and how it works. The model is tested using an in-depth case study on Robert Hanssen, the FBI's double agent who sold the Soviets secrets for more than 20 years. Implemented with the right tool, the new model has great potential for use by security personnel in their efforts to mitigate insider threat damage.

    Analysis of insiders attack mitigation strategies

    Insider threat has become a serious information security issue within organizations. In this paper, we analyze the problem of insider threats with emphasis on the Cloud computing platform. Security is one of the major anxieties when planning to adopt the Cloud. This paper will contribute towards the conception of mitigation strategies that can be relied on to solve the malicious insider threats. While Cloud computing relieves organizations from the burden of data management and storage costs, security in general, and the malicious insider threat in particular, is the main concern in cloud environments. We will analyze the existing mitigation strategies to reduce malicious insider threats in Cloud computing.

    A HOLISTIC APPROACH TO PROTECTING NATIONAL SECURITY: INTEGRATING INTELLIGENCE AND RISK MANAGEMENT TO REDUCE INSIDER THREATS

    Reviewed by Thomas Stanton and Anthony Lang, this thesis explores the important question of how a combination of security intelligence and risk management could be used to address insider threats and their impact on national security. As the thesis documents, insiders threaten not only the wellbeing of employees and facilities, but also the confidentiality and integrity of sensitive information, which could be used by foreign adversaries of the United States. The first chapter recommends more systematic integration of intelligence information into security programs. The second chapter explores the role of risk management, and especially Enterprise Risk Management, in improving the effectiveness of federal security programs and organizations. The third chapter focuses directly on the problem of insider threats. It highlights the remarkable number of ways that insiders such as Edward Snowden displayed warning signs of the danger they posed to national security, long before the damage they caused occurred. It was discovered that analyzing current threat information, which makes it intelligence, enables security programs to allocate resources and deploy countermeasures more appropriately. The intelligence findings enable risk management, which is the ongoing process federal organizations use to determine how they will respond to threats. Organizations that fail to understand their threat, and subsequently impose risk-driven countermeasures, are likely to suffer consequences from attacks – many of which come from insider threats. Insiders acting against federal organizations stand to damage national security by harming people they work with, revealing defense secrets, and/or weakening international relations. The potential damage to national security can be mitigated using the holistic approach outlined throughout this thesis.

    Human element of corporate espionage risk management : literature review on assessment and control of outsider and insider threats

    The primary purpose of this study is to determine how suitable human risk management controls are against corporate espionage. Information risks are an ascending problem with corporations all over the world. Cyber attacks are commonplace, and the attackers are often trying to compromise valuable data assets. These malicious targeted attacks are bypassing traditional information security controls; therefore, organizations are endangered by these threats. Since the traditional information security measures cannot effectively prevent trade secret thefts, companies must look for alternative remedies to mitigate the risks of corporate espionage. One eligible solution is to focus on the human element of information risks management, and thereby defeat the malicious corporate spies. This theoretical thesis aims to consolidate various sources of research literature in order to approach targeted threats from a human risk management perspective. The literature review incorporates research from various fields, such as cyber security, information risk management, corporate espionage, insider threat, and social engineering. The objective of the thesis is to merge these fields together, and identify the most suitable risk management controls against corporate espionage activities. Corporate espionage activities often include exfiltrating valuable data via the Internet and information technology. Hence, the espionage activities are occurring in a challenging risk environment, which is introduced in this thesis. A large part of this thesis focuses on the assessment of insider and outsider threats. These threat actors are analyzed and evaluated thoroughly, focusing on the motivation and opportunity of the perpetrators. The two main attack methods are social engineering and malicious insider activity. These attack methods are extremely dangerous to companies of all sizes, and risk management literature has largely ignored the subject. The legal ramifications to the problems are inadequate as well, since corporate espionage attacks often emanate from states with weaker legislation towards Internet crimes. However, companies can brace themselves against malicious insider activity and social engineering with careful assessment and risk management decisions. The research literature supports the view that the most effective way to mitigate risks of corporate espionage is to control the awareness and behavior of the organization's employees. The corporate espionage risks will not subside by themselves; hence, organizations must reinforce their policies and data management procedures.

    On the detection of privacy and security anomalies

    Data analytics over generated personal data has the potential to derive meaningful insights to enable clarity of trends and predictions, for instance, disease outbreak prediction, and it allows for data-driven decision making for contemporary organisations. Predominantly, the collected personal data is managed, stored, and accessed using a Database Management System (DBMS) by insiders as employees of an organisation. One of the data security and privacy concerns is that of insider threats, where legitimate users of the system abuse the access privileges they hold. Insider threats come in two flavours; one is an insider threat to data security (security attacks), and the other is an insider threat to data privacy (privacy attacks). The insider threat to data security means that an insider steals or leaks sensitive personal information. The insider threat to data privacy is when the insider maliciously accesses information resulting in the violation of an individual's privacy, for instance, browsing through customers' bank account balances or attempting to narrow down to re-identify an individual who has the highest salary. Much past work has been done on detecting security attacks by insiders using behavioural-based anomaly detection approaches. This dissertation looks at to what extent these kinds of techniques can be used to detect privacy attacks by insiders. The dissertation proposes approaches for modelling insider querying behaviour by considering sequence and frequency-based correlations in order to identify anomalous correlations between SQL queries in the querying behaviour of a malicious insider. A behavioural-based anomaly detection using an n-gram based approach is proposed that considers sequences of SQL queries to model querying behaviour. The results demonstrate the effectiveness of detecting malicious insiders' accesses to the DBMS as anomalies, based on query correlations. This dissertation looks at the modelling of normative behaviour from a DBMS perspective and proposes a record/DBMS-oriented approach by considering frequency-based correlations to detect potentially malicious insiders' accesses as anomalies. Additionally, the dissertation investigates modelling of malicious insider SQL querying behaviour as rare behaviour by considering sequence and frequency-based correlations using (frequent and rare) item-sets mining. This dissertation proposes the notion of 'Privacy-Anomaly Detection' and considers the question whether behavioural-based anomaly detection approaches can have a privacy semantic interpretation and whether the detected anomalies can be related to the conventional (formal) definitions of privacy semantics such as k-anonymity and the discrimination rate privacy metric. The dissertation considers privacy attacks (violations of formal privacy definition) based on a sequence of SQL queries (query correlations). It is shown that interactive querying settings are vulnerable to privacy attacks based on query correlation. Whether these types of privacy attacks can potentially manifest themselves as anomalies, specifically as privacy-anomalies, is investigated. One result is that privacy attacks (violation of formal privacy definition) can be detected as privacy-anomalies by applying behavioural-based anomaly detection using n-gram over the logs of interactive querying mechanisms.

    Defense against Insider Threat: a Framework for Gathering Goal-based Requirements

    Insider threat is becoming comparable to outsider threat in frequency of security events. This is a worrying situation, since insider attacks have a high probability of success because insiders have authorized access and legitimate privileges. Despite their importance, insider threats are still not properly addressed by organizations. We contribute to reversing this situation by introducing a framework composed of a method for identification and assessment of insider threat risks and of two supporting deliverables for awareness of insider threat. The deliverables are: (i) attack strategies structured in four decomposition trees, and (ii) a matrix which correlates defense strategies, attack strategies and control principles. The method output consists of goal-based requirements for the defense against insiders.