Leader’s dilemma game: An experimental design for cyber insider threat research

One of the problems with insider threat research is the lack of a complete 360° view of an insider threat dataset due to inadequate experimental design. This has prevented us from modeling a computational system to protect against insider threat situations. This paper provides a contemporary methodological approach for using online games to simulate insider betrayal for predictive behavioral research. The Leader’s Dilemma Game simulates an insider betrayal scenario for analyzing organizational trust relationships, providing an opportunity to examine the trustworthiness of focal individuals, as measured by humans as sensors engaging in computer-mediated communication. This experimental design provides a window into trustworthiness attribution that can generate a rigorous and relevant behavioral dataset, and contributes to building a cyber laboratory that advances future insider threat study.
