12,677 research outputs found

    A Privacy-Preserving, Context-Aware, Insider Threat prevention and prediction model (PPCAITPP)

    The insider threat problem is extremely challenging to address, as it is committed by insiders who are trusted and authorized to access the information resources of the organization. The problem is further complicated by the multifaceted nature of insiders, as human beings have various motivations and fluctuating behaviours. Additionally, typical monitoring systems may violate the privacy of insiders. Consequently, there is a need to consider a comprehensive approach to mitigate insider threats. This research presents a novel insider threat prevention and prediction model, combining several approaches, techniques and tools from the fields of computer science and criminology. The model is a Privacy-Preserving, Context-Aware, Insider Threat Prevention and Prediction model (PPCAITPP). The model is predicated on the Fraud Diamond (a theory from Criminology) which assumes there must be four elements present in order for a criminal to commit maleficence. The basic elements are pressure (i.e. motive), opportunity, ability (i.e. capability) and rationalization. According to the Fraud Diamond, malicious employees need to have a motive, opportunity and the capability to commit fraud. Additionally, criminals tend to rationalize their malicious actions in order for them to ease their cognitive dissonance towards maleficence. In order to mitigate the insider threat comprehensively, there is a need to consider all the elements of the Fraud Diamond because insider threat crime is also related to elements of the Fraud Diamond similar to crimes committed within the physical landscape. The model intends to act within context, which implies that when the model offers predictions about threats, it also reacts to prevent the threat from becoming a future threat instantaneously. To collect information about insiders for the purposes of prediction, there is a need to collect current information, as the motives and behaviours of humans are transient.
Context-aware systems are used in the model to collect current information about insiders related to motive and ability as well as to determine whether insiders exploit any opportunity to commit a crime (i.e. entrapment). Furthermore, they are used to neutralize any rationalizations the insider may have via neutralization mitigation, thus preventing the insider from committing a future crime. However, the model collects private information and involves entrapment that will be deemed unethical. A model that does not preserve the privacy of insiders may cause them to feel they are not trusted, which in turn may affect their productivity in the workplace negatively. Hence, this thesis argues that an insider prediction model must be privacy-preserving in order to prevent further cybercrime. The model is not intended to be punitive but rather a strategy to prevent current insiders from being tempted to commit a crime in future. The model involves four major components: context awareness, opportunity facilitation, neutralization mitigation and privacy preservation. The model implements a context analyser to collect information related to an insider who may be motivated to commit a crime and his or her ability to implement an attack plan. The context analyser only collects meta-data such as search behaviour, file access, logins, use of keystrokes and linguistic features, excluding the content to preserve the privacy of insiders. The model also employs keystroke and linguistic features based on typing patterns to collect information about any change in an insider’s emotional and stress levels. This is indirectly related to the motivation to commit a cybercrime. Research demonstrates that most of the insiders who have committed a crime have experienced a negative emotion/pressure resulting from dissatisfaction with employment measures such as terminations, transfers without their consent or denial of a wage increase. 
However, there may also be personal problems such as a divorce. The typing pattern analyser and other resource usage behaviours aid in identifying an insider who may be motivated to commit a cybercrime based on his or her stress levels and emotions as well as the change in resource usage behaviour. The model does not identify the motive itself, but rather identifies those individuals who may be motivated to commit a crime by reviewing their computer-based actions. The model also assesses the capability of insiders to commit a planned attack based on their usage of computer applications and measuring their sophistication in terms of the range of knowledge, depth of knowledge and skill as well as assessing the number of systems errors and warnings generated while using the applications. The model will facilitate an opportunity to commit a crime by using honeypots to determine whether a motivated and capable insider will exploit any opportunity in the organization involving a criminal act. Based on the insider’s reaction to the opportunity presented via a honeypot, the model will deploy an implementation strategy based on neutralization mitigation. Neutralization mitigation is the process of nullifying the rationalizations that the insider may have had for committing the crime. All information about insiders will be anonymized to remove any identifiers for the purpose of preserving the privacy of insiders. The model also intends to identify any new behaviour that may result during the course of implementation. This research contributes to existing scientific knowledge in the insider threat domain and can be used as a point of departure for future researchers in the area. Organizations could use the model as a framework to design and develop a comprehensive security solution for insider threat problems. The model concept can also be integrated into existing information security systems that address the insider threat problem. Information Science. D. Phil. (Information Systems)

    Managing Organisational Change:Practitioner Toolkit


    Smartphones usage at workplace: Assessing information security risks from accessibility perspective

    Innovations in technology have created opportunities for employees to be increasingly efficient, productive and always connected to both internal and external customers as they go about their everyday lives using consumer IT tools and resources. This leads to employees increasingly using such resources at hand while performing their routine activities at workplaces, due to inherent features of connectivity that allow ease of access to information assets. Building on the significance of effort expectancy (ease of use) in earlier research on smartphone adoption at the workplace, this study seeks to examine accessibility (ease of access) as a key feature of smartphone usage. It adapts key constructs of Routine Activity Theory (RAT) in the premises of information systems security, viewing the construct of accessibility (ease of copying/transferring data) as a risk associated with smartphone usage at the workplace. That is, it focuses on the probability of convenience (opportunity) as a motivation to commit crime. Through analysis of extant literature and theoretical assertions, it presents a theoretical model that can help identify the relationship between smartphone usage and the occurrence of insider fraud incidents in the presence of certain situational stimuli. This study assumes that there are possible implications at the workplace in terms of the ease of access which a smartphone device provides to an employee, allowing them to copy/transfer sensitive information assets conveniently, a practice that may actually increase the occurrence of detrimental security behaviors in the absence of management controls.

    Dataveillance in the Workplace: Managing the Impact of Innovation

    Background: Monitoring and surveillance are a fundamental part of the workplace environment, with employee performance and productivity as the main objects of scrutiny. However, many questions surround the ethical nature of management’s ability to employ advanced digital technologies to monitor employee behaviour and performance while in the workplace. If unaddressed, these concerns have the potential to significantly impact the relationship between the employee and the employer, impacting trust in management and resulting in negative attitudes and counterproductive behaviours. Objectives: The goal of this paper is to present a comprehensive review of workplace surveillance whilst outlining some of the emerging issues relating to the use of employee monitoring technologies in the workplace. Methods/Approach: A detailed review of the literature was conducted in order to identify the major issues relating to workplace surveillance. In addition, a number of practitioner-based studies were examined to extract and identify emerging trends and concerns at an industry level. Results: Workplace surveillance is on the rise; however, empirical studies are in short supply. Conclusions: The issue of workplace surveillance is an under-researched area, which requires much attention. There is a distinct need for clear measures and structures that govern the effective and fair use of communication technologies in the workplace.

    Investigating Information Security Policy Characteristics: Do Quality, Enforcement and Compliance Reduce Organizational Fraud?

    Organizational fraud, a deceitful practice or willful device resorted to with intent to deprive another of his right, or in some manner to do harm or injury, is a growing global concern. While cyberattacks from the outside are more expected, the internal security threat from trusted insiders is responsible for significantly more information compromise than external threats. Information systems make life easier but are increasingly used by employees to perpetrate fraudulent activities. For example, a trusted insider employee with access to sensitive customer databases could misappropriate information and sell it to a competitor for personal gain. These types of losses are typical of organizational fraud averaging 5% of annual revenues, and current detection and prevention methods are not fully adequate to address the threat. This research examines how organizational fraud is affected by information security policy characteristics. We specifically study the effects of quality and enforcement as mediated by security compliance using a sampling of survey data from selected organizations. Our results show that increased quality and enforcement support increased compliance. We found an inverse relationship between policy compliance and organizational fraud. Additionally, our model demonstrates that compliance fully mediates between policy quality, policy enforcement, and the dependent variable fraud.

    ADOPTING IMMUNOLOGICAL METAPHORS IN CYBERSECURITY APPLICATIONS

    The evolution of the computer virus remains constant, yet the metaphors used to explain the abstract ideas of computer science remain static. Previous cybersecurity research frames issues of security in physical security metaphors, using tangible ideas or icons, such as castles, to illustrate the need for defense-in-depth models for computer security. Research confirms that security techniques drawn from the castle metaphor serve to prevent infection by a previously identified variant of the virus, but those techniques are weak against a novel strain or zero-day exploit. This thesis set out to answer the following question: What role can metaphors from emergent fields play in augmenting the dominant metaphors in cybersecurity applications? This research found metaphors provide limits for defenses and often carry assumptions about system design with them, allowing exploitation in unusual ways. When attacking computer systems designed around physical security models, malicious actors may take advantage of a system’s inherent weak points, and infection is inevitable in any networked system. Because complex attacks cannot be prevented by adopting ideas from a single metaphor or discipline of study, this thesis proposes reimagining cybersecurity threats through a wide variety of metaphorical lenses and adopting a plurality of defenses to augment physical security or defense-in-depth metaphors when addressing wicked problems in cybersecurity applications. Civilian, Department of Homeland Security. Approved for public release. Distribution is unlimited.

    Implanting Life-Cycle Privacy Policies in a Context Database

    Ambient intelligence (AmI) environments continuously monitor surrounding individuals' context (e.g., location, activity, etc.) to make existing applications smarter, i.e., make decisions without requiring user interaction. Such AmI smartness ability is tightly coupled to the quantity and quality of the available (past and present) context. However, context is often linked to an individual (e.g., location of a given person) and as such falls under privacy directives. The goal of this paper is to enable the difficult wedding of privacy (automatically fulfilling users' privacy wishes) and smartness in the AmI. Interestingly, privacy requirements in the AmI are different from traditional environments, where systems usually manage durable data (e.g., medical or banking information), collected and updated trustfully either by the donor herself, her doctor, or an employee of her bank. Therefore, proper information disclosure to third parties constitutes a major privacy concern in the traditional studies.

    Changes in corporate governance of German corporations: convergence to the Anglo-American model?

    This paper examines the many changes which have transformed the German system of corporate governance during the last seven odd years. It concludes that it is in the process of converging towards the Anglo-American system and that this has fundamentally affected the way strategic decisions are made in firms. Large, internationally oriented companies are particularly affected. But the notion of shareholder value and its many behavioural effects are gradually spreading also to other parts of the economy. Consequently, the distinctive logic, which had underpinned the German variety of capitalism during most of the post-war period, is eroding. This transformation is affecting also labour and industrial relations in negative ways. The argument is empirically substantiated with data about recent trends in capital markets, banks and firms. The paper theoretically examines institutional change, focussing on the notions of system logic and institutional complementarity. It examines both external sources of change and internal powerful actors who promote the process of transformation. The notion of hybridisation of the German business system is examined but is rejected in favour of a trend towards convergence. Convergence is not seen as a functional necessity, nor is it viewed as inevitable. Corporate governance, capital markets, German variety of capitalism, institutional change.