Critical Analysis in the Research Area of Insider Threats

A survey of related work on insider information security (IS) threats is presented. Special attention is paid to works that consider insiders' behavioral models, as these are highly topical for behavioral intrusion detection. Three key research directions are defined: 1) analysis of the problem in general, including the development of a taxonomy for insiders, attacks and countermeasures; 2) study of a specific IS threat with the development of a forecasting model; 3) early detection of a potential insider. The models for the second and third directions are analyzed in detail. Within the second group, works on three IS threats are examined, namely insider espionage, cyber sabotage and unintentional internal IS violation. A discussion and a few directions for future research conclude the paper.
