Developing an Insider Threat Training Environment

Many cyber security officers are more concerned with outside rather than insider threats because the enemy is generally perceived as being “out there” or beyond the organization. Therefore, defensive actions are readily available once an outside threat is identified (Colwill in Human factors in information security: the insider threat—who can you trust these days? pp. 186–196, 2009 [1]). Contradictory to the ideas of social identification as an “us” and “them,” the greatest enemy may be lurking within one’s own organization. Individuals are considered insiders if they presently have (or at one time had) permission to access an organization’s data or network structures (Greitzer et al. in Secur Priv IEEE 6(1):61–64, 2008 [2]). The concept of the insider threat is considered one of the most difficult situations to deal with in the cybersecurity domain (Hunker and Probst in J Wireless Mobile Netw Ubiquitous Comput Dependable Appl 2(1):4–27, 2011 [3]). The Association of Certified Fraud Examiners has reported two-thirds of fraud and identity thefts are executed by organizations’ employees or other known insiders. They also estimate U.S. companies have lost 5 % of revenue to fraudulent insider activities (Randazzo et al. in Insider threat study: illicit cyber activity in the banking and finance sector, 2005 [4]). Insiders have multiple advantages over an outsider. An insider threat is one of the most difficult situations to identify. Therefore, it is critical that training be developed. The first step to effective training is constructing an environment that lends itself to insider threat situations. The present paper describes the process in which one insider threat virtual environment was constructed. A discussion of the considerations and functional features is detailed.

[1]  Rossouw von Solms,et al.  From information security to cyber security , 2013, Comput. Secur..

[2]  A. R. Panganiban,et al.  PROFILING TASK STRESS WITH THE DUNDEE STRESS STATE QUESTIONNAIRE , 2013 .

[3]  Munir Ahmed,et al.  Human Errors in Information Security , 2012 .

[4]  Pascale Carayon,et al.  Human and organizational factors in computer and information security: Pathways to vulnerabilities , 2009, Comput. Secur..

[5]  Dawn M. Cappelli,et al.  Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector , 2005 .

[6]  Christian W. Probst,et al.  Insiders and Insider Threats - An Overview of Definitions and Mitigation Techniques , 2011, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[7]  Merrill Warkentin,et al.  Behavioral and policy issues in information systems security: the insider threat , 2009, Eur. J. Inf. Syst..

[8]  Carl Colwill,et al.  Human factors in information security: The insider threat - Who can you trust these days? , 2009, Inf. Secur. Tech. Rep..

[9]  H. Nissenbaum,et al.  Digital Disaster, Cyber Security, and the Copenhagen School , 2009 .

[10]  Cynthia E. Irvine,et al.  A video game for cyber security training and awareness , 2007, Comput. Secur..

[11]  Robin A. Gandhi,et al.  Dimensions of Cyber-Attacks: Cultural, Social, Economic, and Political , 2011, IEEE Technology and Society Magazine.

[12]  Dylan D. Schmorrow,et al.  The PSI Handbook of Virtual Environments for Training and Education [Three Volumes]: Developments for the Military and Beyond , 2008 .

[13]  Dawn M. Cappelli,et al.  Combating the Insider Cyber Threat , 2008, IEEE Security & Privacy.

[14]  KraemerSara,et al.  Human and organizational factors in computer and information security , 2009 .

[15]  Brian M. Bowen,et al.  Measuring the human factor of cyber security , 2011, 2011 IEEE International Conference on Technologies for Homeland Security (HST).

[16]  Michael J. Singer,et al.  Measuring Presence in Virtual Environments: A Presence Questionnaire , 1998, Presence.