
    Defense against Insider Threat: a Framework for Gathering Goal-based Requirements

    Insider threat is becoming comparable to outsider threat in frequency of security events. This is a worrying situation, since insider attacks have a high probability of success because insiders have authorized access and legitimate privileges. Despite their importance, insider threats are still not properly addressed by organizations. We contribute to reverse this situation by introducing a framework composed of a method for identification and assessment of insider threat risks and of two supporting deliverables for awareness of insider threat. The deliverables are: (i) attack strategies structured in four decomposition trees, and (ii) a matrix which correlates defense strategies, attack strategies and control principles. The method output consists of goal-based requirements for the defense against insiders.

    On Screening and the Insider Threat – A Methodological Exploration

    An under-researched issue in security is screening combined with the insider threat. One of the problems is the lack of data. Human Resource Management (HRM) departments don’t like to disclose cases and modus operandi. Also, the filing is incomplete. It leads to a situation in which theory building is hardly possible. Therefore, this explorative essay is written from a more methodological perspective. From the scarce information that was obtained from expert practitioners, there seems not to be such a thing as a standard profile of an insider threat. At the same time, an estimated 75% of the offenders have been shown to have actually been bona fide at the original pre-employment screening. It calls for a reflection on current screening practices. Such an approach has its limitations. Scenarios for offenders cannot be built, because the causes are too diverse and the cases too unique. As files are hardly kept – and HRM departments are not so willing to share – a big data approach is also not a likely option. A way out could be to test the loyalty of employees. In such a system, the emphasis will be on a so-called during-employment screening. The interviewer, together with the applicant, will assess the applicant’s vulnerabilities. After this assessment, the applicant will be tested on his/her vulnerabilities during his/her entire career. Also, there needs to be a shift in the culture at HRM departments. They have to change from steering on mistakes into being a safety net for employees that have (personal) problems. It also implies a change in interaction – from discussion to dialogue. Finally, in a working environment that is evolving towards a more networked way of working – compared to the classic hierarchical office work – the rethinking concerning the screening practices will only be the more pressing.

    An Evolutionary Approach for Learning Attack Specifications in Network Graphs

    This paper presents an evolutionary algorithm that learns attack scenarios, called attack specifications, from a network graph. This learning process aims to find attack specifications that minimise cost and maximise the value that an attacker gets from a successful attack. The attack specifications that the algorithm learns are represented using an approach based on Hoare's CSP (Communicating Sequential Processes). This new approach is able to represent several elements found in attacks, for example synchronisation. These attack specifications can be used by network administrators to find vulnerable scenarios, composed from the basic constructs Sequence, Parallel and Choice, that lead to valuable assets in the network.
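
    The abstract describes the idea only in outline. The following is an added illustration written for this page, not the paper's own algorithm or code: a small genetic search over a constructed network graph, where candidate attack specifications are built from Sequence, Parallel and Choice over single attack steps and scored as value gained minus cost spent. The hosts, costs, values, reachability, the penalty for a failed step and the fitness function are all assumptions of this example, and the paper's CSP semantics for Parallel and Choice may differ from the simplified ones used here.

```python
import random

# Constructed example network (an assumption for this illustration, not data
# from the paper): host -> (cost to compromise it, value of the assets on it).
HOSTS = {
    "internet": (0, 0),   # the attacker's starting point
    "web":      (3, 1),
    "vpn":      (5, 1),
    "app":      (4, 2),
    "ad":       (8, 12),
    "db":       (6, 15),
}
# Constructed reachability: from each host, which hosts can be attacked next.
EDGES = {
    "internet": ["web", "vpn"],
    "web":      ["app"],
    "vpn":      ["app", "ad"],
    "app":      ["db", "ad"],
    "ad":       ["db"],
    "db":       [],
}
STEPS = [(s, d) for s, ds in EDGES.items() for d in ds]
START = frozenset({"internet"})

# An attack specification is a nested tuple built from one leaf and three
# CSP-style constructs (simplified semantics, an assumption of this example):
#   ("step", src, dst)   compromise dst from an already-compromised src
#   ("seq", a, b)        a, then b
#   ("par", a, b)        a and b run concurrently; neither can use the other's gains
#   ("choice", a, b)     the attacker performs whichever of a and b pays better

def gain(owned_after, owned_before, cost):
    """Net value of a run: value of newly compromised hosts minus effort spent."""
    return sum(HOSTS[h][1] for h in owned_after - owned_before) - cost

def run(spec, owned):
    """Execute spec from the set `owned`; returns (hosts owned afterwards, cost)."""
    kind = spec[0]
    if kind == "step":
        _, src, dst = spec
        cost = HOSTS[dst][0]
        if src in owned and dst not in owned:
            return owned | {dst}, cost
        return owned, cost        # assumption: a failed or redundant step still burns effort
    a, b = spec[1], spec[2]
    if kind == "seq":
        owned_a, cost_a = run(a, owned)
        owned_b, cost_b = run(b, owned_a)
        return owned_b, cost_a + cost_b
    if kind == "par":
        owned_a, cost_a = run(a, owned)
        owned_b, cost_b = run(b, owned)
        return owned_a | owned_b, cost_a + cost_b
    if kind == "choice":
        results = [run(a, owned), run(b, owned)]
        return max(results, key=lambda r: gain(r[0], owned, r[1]))
    raise ValueError(f"unknown construct {kind!r}")

def fitness(spec):
    owned, cost = run(spec, START)
    return gain(owned, START, cost)

def size(spec):
    return 1 if spec[0] == "step" else 1 + size(spec[1]) + size(spec[2])

def random_spec(rng, depth=3):
    if depth == 0 or rng.random() < 0.3:
        return ("step",) + rng.choice(STEPS)
    op = rng.choice(["seq", "par", "choice"])
    return (op, random_spec(rng, depth - 1), random_spec(rng, depth - 1))

def positions(spec, prefix=()):
    """Index paths of every subtree, root first."""
    yield prefix
    if spec[0] != "step":
        yield from positions(spec[1], prefix + (1,))
        yield from positions(spec[2], prefix + (2,))

def subtree(spec, pos):
    for i in pos:
        spec = spec[i]
    return spec

def replace(spec, pos, new):
    if not pos:
        return new
    parts = list(spec)
    parts[pos[0]] = replace(spec[pos[0]], pos[1:], new)
    return tuple(parts)

def mutate(rng, spec):
    return replace(spec, rng.choice(list(positions(spec))), random_spec(rng, depth=2))

def crossover(rng, x, y):
    px, py = rng.choice(list(positions(x))), rng.choice(list(positions(y)))
    return replace(x, px, subtree(y, py))

def evolve(seed=1, pop_size=60, generations=40, max_size=15):
    """Genetic search; returns (best spec, best fitness in the initial population)."""
    rng = random.Random(seed)
    pop = [random_spec(rng) for _ in range(pop_size)]
    initial_best = max(fitness(s) for s in pop)
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        nxt = pop[:2]                                   # elitism: the two best survive
        while len(nxt) < pop_size:
            a = max(rng.sample(pop, 3), key=fitness)    # tournament selection
            b = max(rng.sample(pop, 3), key=fitness)
            child = crossover(rng, a, b) if rng.random() < 0.7 else a
            if rng.random() < 0.3:
                child = mutate(rng, child)
            if size(child) <= max_size:                 # keep specifications readable
                nxt.append(child)
        pop = nxt
    return max(pop, key=fitness), initial_best

def show(spec):
    if spec[0] == "step":
        return f"{spec[1]}->{spec[2]}"
    sym = {"seq": ";", "par": "||", "choice": "[]"}[spec[0]]
    return f"({show(spec[1])} {sym} {show(spec[2])})"

if __name__ == "__main__":
    best, _ = evolve()
    print(show(best), "fitness", fitness(best))
```

    Because the two best individuals are carried over unchanged each generation, the fitness of the returned specification can never fall below the best of the initial population; a run typically converges on one of the two chains that end at the database. In this toy model a step whose source has not been compromised yet (for example attacking `db` directly from the starting position) still costs effort, so ordering is part of what the search has to learn, which is the role Sequence plays.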

    The insider on the outside: a novel system for the detection of information leakers in social networks

    Confidential information is all too easily leaked by naive users posting comments. In this paper we introduce DUIL, a system for Detecting Unintentional Information Leakers. The value of DUIL is in its ability to detect those responsible for information leakage that occurs through comments posted on news articles in a public environment, when those articles have withheld material non-public information. DUIL is comprised of several artefacts, each designed to analyse a different aspect of this challenge: the information, the user(s) who posted the information, and the user(s) who may be involved in the dissemination of information. We present a design science analysis of DUIL as an information system artefact comprised of social, information, and technology artefacts. We demonstrate the performance of DUIL on real data crawled from several Facebook news pages spanning two years of news articles.

    Ethical considerations when carrying out research in one’s own academic institution

    This particular kind of research brings about a series of ethical considerations that may be quite unique to this scenario. One needs to mention the dual role of employee and researcher held by the person carrying out the research. There will certainly be ethical issues that one needs to consider when carrying out research on the institution where one’s colleagues, superiors, students, administration, and support staff, etc. are found, as they will form part of the research itself. This may ultimately lead the researcher to face conflicting values and beliefs that may affect the objectivity of the researcher and ultimately the validity of the research process itself.

    Common Representation of Information Flows for Dynamic Coalitions

    We propose a formal foundation for reasoning about access control policies within a Dynamic Coalition, defining an abstraction over existing access control models and providing mechanisms for translation of those models into the information-flow domain. The abstracted information-flow domain model, called a Common Representation, can then be used for defining a way to control the evolution of Dynamic Coalitions with respect to information flow.
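
    To make the translation step concrete, here is an added example written for this page; it is not the paper's Common Representation and does not claim to reproduce its formalism. It takes a constructed access-control matrix for a two-partner coalition, abstracts it into an information-flow graph under the usual reading that a read right lets data flow from object to subject and a write right from subject to object, computes the transitive closure, and then evaluates a proposed change to the coalition's rights against a flow policy before the change is applied. The coalition members, objects, rights and policy are all constructed for the illustration.

```python
from collections import deque

# Constructed access-control matrix for a two-partner coalition (assumption,
# not data from the paper): (subject, object) -> rights granted.
ACL = {
    ("alice@orgA", "plan.doc"):    {"read", "write"},
    ("bob@orgA",   "plan.doc"):    {"read"},
    ("carol@orgB", "shared.wiki"): {"read"},
    ("carol@orgB", "orgB.notes"):  {"read", "write"},
}
# Constructed information-flow policy: object -> subjects allowed to learn its contents.
POLICY = {"plan.doc": {"alice@orgA", "bob@orgA"}}

def subjects_of(acl):
    return {subj for subj, _ in acl}

def to_flow_graph(acl):
    """Abstract the matrix into the information-flow domain: a 'read' right lets
    data flow object -> subject, a 'write' right lets it flow subject -> object.
    This is the conventional reading of the two rights; the paper's own
    abstraction may map richer models differently."""
    flows = {}
    for (subj, obj), rights in acl.items():
        flows.setdefault(subj, set())
        flows.setdefault(obj, set())
        if "read" in rights:
            flows[obj].add(subj)
        if "write" in rights:
            flows[subj].add(obj)
    return flows

def flow_closure(flows, source):
    """Breadth-first transitive closure; returns {node: predecessor} for every
    node that data originating at `source` can reach (source maps to None)."""
    parent, queue = {source: None}, deque([source])
    while queue:
        n = queue.popleft()
        for m in sorted(flows.get(n, ())):      # sorted so reported paths are reproducible
            if m not in parent:
                parent[m] = n
                queue.append(m)
    return parent

def path_to(parent, node):
    path = []
    while node is not None:
        path.append(node)
        node = parent[node]
    return path[::-1]

def violations(acl, policy):
    """Every (object, subject, flow path) where a subject the policy does not
    permit can transitively learn the object's contents."""
    flows, subjects = to_flow_graph(acl), subjects_of(acl)
    found = []
    for obj, allowed in sorted(policy.items()):
        parent = flow_closure(flows, obj)
        for node in sorted(parent):
            if node != obj and node in subjects and node not in allowed:
                found.append((obj, node, path_to(parent, node)))
    return found

def check_grant(acl, policy, subject, obj, rights):
    """Evaluate a proposed evolution of the coalition (a new grant) against the
    flow policy without applying it; an empty result means the grant is safe."""
    proposed = dict(acl)
    proposed[(subject, obj)] = acl.get((subject, obj), set()) | set(rights)
    return violations(proposed, policy)

if __name__ == "__main__":
    print("baseline:", violations(ACL, POLICY))
    print("bob writes shared.wiki:", check_grant(ACL, POLICY, "bob@orgA", "shared.wiki", {"write"}))
    print("carol writes plan.doc:", check_grant(ACL, POLICY, "carol@orgB", "plan.doc", {"write"}))
```

    The baseline matrix satisfies the policy, and so does giving carol write access to plan.doc, since in the flow abstraction a write right alone never lets the writer learn the object. Giving bob write access to shared.wiki, a grant that looks harmless in the access-control view because it touches neither plan.doc nor carol, is rejected with the path plan.doc -> bob@orgA -> shared.wiki -> carol@orgB. That is the kind of cross-model reasoning the abstract argues for: the decision is made in the information-flow domain, not by inspecting individual access-control entries.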

    Path dependence, corporate governance and complementarity

    In a series of recent papers, Mark Roe and Lucian Bebchuk have developed further the concept of path dependence, combined it with concepts of evolution and used it to challenge the widespread view that the corporate governance systems of the major advanced economies are likely to converge towards the economically best system at a rapid pace. The present paper shares this skepticism, but adds several aspects which strengthen the point made by Roe and Bebchuk. The present paper argues that it is important for the topic under discussion to distinguish clearly between two arguments which can explain path dependence. One of them is based on the role of adjustment costs, and the other one uses concepts borrowed from evolutionary biology. Making this distinction is important because the two concepts of path dependence have different implications for the issue of rapid convergence to the best system. In addition, we introduce a formal concept of complementarity and demonstrate that national corporate governance systems are usefully regarded as – possibly consistent – systems of complementary elements. Complementarity is a reason for path dependence which supports the socio-biological argument. The dynamic properties of systems composed of complementary elements are such that a rapid convergence towards a universally best corporate governance system is not likely to happen. We then proceed by showing, for the case of corporate governance systems shaped by complementarity, that there is even the possibility of a convergence towards a common system which is economically inferior. And in the specific case of European integration, "inefficient convergence" of corporate governance systems is a possible future course of events. First version December 1998, this version March 2000.

    A descriptive review and classification of organizational information security awareness research

    Information security awareness (ISA) is a vital component of information security in organizations. The purpose of this research is to descriptively review and classify the current body of knowledge on ISA. A sample of 59 peer-reviewed academic journal articles, which were published over the last decade from 2008 to 2018, was analyzed. Articles were classified using coding techniques from the grounded theory literature-review method. The results show that ISA research is evolving, with behavioral research studies still being explored. Quantitative empirical research is the dominant methodology and the top three theories used are general deterrence theory, theory of planned behavior, and protection motivation theory. Future research could focus on qualitative approaches to provide greater depth of ISA understanding.