Insider Threat Behavior Factors: A Comparison of Theory with Reported Incidents

Almost all organizations and sectors currently face the problem of insider threats to vital computer assets. Internal incidents can cause more than just financial losses; the costs can also include loss of clients and damage to an organization's reputation. Substantial academic research investigating internal threats has been conducted. This paper examines a number of theoretical models drawn from academic literature to identify a set of behavior factors thought to be associated with insider threats. These factors are then critiqued using empirical evidence from reported incidents, resulting in insights into areas where the theoretical perspectives of academic literature are both supported and unsupported by actual case evidence. The paper concludes with recommendations for future research directions for academic researchers.
