Detecting Insider Theft of Trade Secrets

Caputo, Deanna D.; Maloof, Marcus A.; Stephens, Gregory

doi:10.1109/msp.2009.110

Cited by 58 publications

(35 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We expect future work to use modeling and simulation to identify and evaluate the effectiveness of deterrent measures in the workplace, such as those suggested in Data Theft: A Prototypical Insider Threat [McCormick 2008]. Experiments such as those conducted at Mitre can also help validate hypotheses about the problem and test deterrent measures [Caputo 2009]. Prospective studies of these phenomena will always be challenging because of low base rates.…”

Section: Resultsmentioning

confidence: 99%

“…This study was based on the espionage and insider threat data collected by the Defense Personnel Security Research Center (PERSEREC) [Fischer 1993] ] [Shaw 2005]. In addition, social science experiments within organizations, such as those conducted at Mitre [Caputo 2009], can help validate hypotheses about the problem generated through empirical work such as described in this paper, as well as test deterrent measures against the threat patterns seen in cases of insider compromise.…”

mentioning

confidence: 99%

See 1 more Smart Citation

A Preliminary Model of Insider Theft of Intellectual Property

Moore¹,

Cappelli²,

Caron³

et al. 2011

View full text Add to dashboard Cite

A study conducted by the CERT ® Program at Carnegie Mellon University's Software Engineering Institute analyzed hundreds of insider cyber crimes across U.S. critical infrastructure sectors. Follow-up work involved detailed group modeling and analysis of 48 cases of insider theft of intellectual property. In the context of this paper, insider theft of intellectual property includes incidents in which the insider's primary goal is stealing confidential or proprietary information from the organization. This paper describes general observations about and a preliminary system dynamics model of this class of insider crime based on our empirical data. This work generates empirically-based hypotheses for validation and a basis for identifying mititgative measures in future work.

show abstract

Section: Resultsmentioning

confidence: 99%

mentioning

confidence: 99%

A Preliminary Model of Insider Theft of Intellectual Property

Moore¹,

Cappelli²,

Caron³

et al. 2011

View full text Add to dashboard Cite

show abstract

“…Instead of all employees having to deal with the same procedures from day 1, increased levels of assurance can be implemented for new employees, with the restrictions gradually reduced the longer an employee stays in the organization -assurance should evolve to trust over time. Reducing the need for productivity-driven violations also improves the security experts' ability to protect the organization: reduction of the 'noise' introduced by productivity-driven 'legitimate' violations enables the implementation of clever monitoring implementations to identify malicious activity (insider or outsider attacks) [38].…”

Section: Balancing Trust and Assurancementioning

confidence: 99%

What Usable Security Really Means: Trusting and Engaging Users

Kirlappos

Sasse

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Non-compliance with security mechanisms and processes poses a significant risk to organizational security. Current approaches focus on designing systems that restrict user actions to make them 'secure', or providing user interfaces to make security tools 'easy to use'. We argue that an important but often-neglected aspect of compliance is trusting employees to 'do what's right' for security. Previous studies suggest that most employees are intrinsically motivated to behave securely, and that contextual elements of their relationship with the organization provide further motivation to stay secure. Drawing on research on trust, usable security, and economics of information security, we outline how the organization-employee trust relationship can be leveraged by security designers.Keywords: trust, usable security, information security management. Current State of Security Implementations in OrganizationsFor most people, the term 'information security' evokes technical mechanisms -such as authentication and access control -implemented to protect organizational assets [1]. Over the past two decades, awareness has been growing that many information security breaches were results of human error and social engineering; Bruce Schneier described people as the "weakest link" in the security chain [2]. Whilst some security experts have, unhelpfully, described users as stupid or careless [3], others have tried to increase compliance by providing 'more usable' security in some form. An implicit assumption of this work has been that -if people are able to use a security mechanism correctly, they would be motivated to do so [4][5][6][7][8][9] . Users look for efficiencies in their daily lives, and that means 'the less I have to think about security, the better'. And given that is the case, trust becomes important. The traditional "command-and-control" approach to information security management treats employees as untrustworthy components, whose behavior has to be constrained [4]. But recent research has revealed that even employees who do not comply with some security policies are motivated and act responsible when they recognize a security risk, and the cost to them is reasonable [10], [11],[15].Thus, designers of security mechanisms should consider how trust between an organization and its employees affects security behaviors. The role of trust in technology design has been examined by research aiming to create technology platforms that enable the development of trust relationships in online commerce and gaming [16][17][18][19][20][21]. In this paper we take a different path, building on the trust model by Riegelsberger et al. [16] to explain the benefits of treating employees as trusted entities in organizational security implementations. We (1) use the model explain the creation of a trust relationship between employees and organization, (2) analyze how that affects employee compliance decisions with security policies and mechanisms, and (3) present how the organization-employee trust relationship can be leverag...

show abstract

“…The definition of trust as "willingness to be vulnerable based on positive expectations about the actions of others" [39] may sound like an oxymoron to oldschool command and control security managers, but organisations where employees have increased responsibilities are more likely to establish a high-level of security awareness and improved understanding of the need for security [15][28] [40]. On the other hand, employees that abuse trust should be visibly punished; clever monitoring implementations can detect employee trust abuse [41] and employees that observe sanctions enforced, are less likely to attempt to knowingly abuse trust.…”

Section: Adjusting the Cost-benefit Perceptionmentioning

confidence: 99%

“Comply or Die” Is Dead: Long Live Security-Aware Principal Agents

Kirlappos

Beautement

Sasse

2013

Financial Cryptography and Data Security

View full text Add to dashboard Cite

Abstract.Information security has adapted to the modern collaborative organisational nature, and abandoned "command-andcontrol" approaches of the past. But when it comes to managing employee's information security behaviour, many organisations still use policies proscribing behaviour and sanctioning non-compliance. Whilst many organisations are aware that this "comply or die" approach does not work for modern enterprises where employees collaborate, share, and show initiative, they do not have an alternative approach to fostering secure behaviour. We present an interview analysis of 126 employees' reasons for not complying with organisational policies, identifying the perceived conflict of security with productive activities as the key driver for non-compliance and confirm the results using a survey of 1256 employees. We conclude that effective problem detection and security measure adaptation needs to be de-centralised -employees are the principal agents who must decide how to implement security in specific contexts. But this requires a higher level of security awareness and skills than most employees currently have. Any campaign aimed at security behaviour needs to transform employee's perception of their role in security, transforming them to security-aware principal agents.Keywords: Information security management, compliance, decision-making The need for Information SecurityOrganisations today face an ever-increasing number of information security threats: intellectual property theft can severely impact competitiveness, loss of customer information can damage corporate profiles and loss of access to corporate systems can impact the organisation's productivity [1]. Despite the significant amount of time being invested in producing effective security solutions by researchers and industry experts, the challenges and potential threats organisations face today are higher than ever [1].

show abstract

Detecting Insider Theft of Trade Secrets

Cited by 58 publications

References 4 publications

A Preliminary Model of Insider Theft of Intellectual Property

A Preliminary Model of Insider Theft of Intellectual Property

What Usable Security Really Means: Trusting and Engaging Users

“Comply or Die” Is Dead: Long Live Security-Aware Principal Agents

Contact Info

Product

Resources

About