Introduction to the special issue on insider threat modeling and simulation

Moore, Andrew P.; Kennedy, Kirk A.; Dover, Thomas

doi:10.1007/s10588-016-9210-8

Cited by 7 publications

(5 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Modeling and simulation approaches from the social and behavioral sciences can be used to generate synthetic data and build in control groups and/or comparison groups. 113 Additional modeling methodologies from military intelligence and counterterrorism have potential application to insider threat as well. 114,115 Both of these approaches may contribute to the development of a scientific discipline of insider threat to rigorously test hypotheses, confirm or refute existing theory, or lead to the development of new theory.…”

Section: Discussionmentioning

confidence: 99%

Spy the Lie: Detecting Malicious Insiders

Noonan

2018

View full text Add to dashboard Cite

Insider threat is a hard problem. There is no ground truth, there are innumerable variables, and the data is sparse. The types of crimes and abuses associated with insider threats are significant; the most serious include espionage, sabotage, terrorism, embezzlement, extortion, bribery, and corruption. Malicious activities include an even broader range of exploits, such as negligent use of classified data, fraud, cybercrime, unauthorized access to sensitive information, and illicit communications with unauthorized recipients. Inadvertent action or inaction without malicious intent (e.g., disposing of sensitive documents incorrectly) can also cause harm to an organization. This literature review paper will explore insider threat, specifically behaviors, beliefs, and current debates within the field. Additionally particular focus is given to deception, a significant behavioral component of the malicious insider. Finally, research and policy implications for law enforcement and the intelligence community are addressed. The cutoff date for literature reviewed for this report is July 2016.

show abstract

Section: Discussionmentioning

confidence: 99%

Spy the Lie: Detecting Malicious Insiders

Noonan

2018

View full text Add to dashboard Cite

show abstract

“…With the increased risk of insider threats, organisations should set up certain controls to protect their data from being stolen. However, there are some findings in the literature, such as Moore et al (2016), which indicate that many organisations do not have any existing program or plan to control insider threats, and the programs that do exist have serious insufficiencies. Indeed, it is very risky to ignore the importance of data protection, and in doing so an organisation might end up embroiled in fraud, bankruptcy or reputational damages.…”

Section: Literature Reviewmentioning

confidence: 99%

“…However, according to the findings in the literature, many organisations have no insider threat program in place, and most programs that do exist have serious deficiencies (Moore et al , 2016). Moreover, the results of industry surveys indicate that some organisations certainly would not pay attention to increasing the security education of their employees, contractors, and business partners (Farahmand and Spafford, 2013; Nurse et al , 2014).…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Towards protecting organisations’ data by preventing data theft by malicious insiders

Al-Harrasi¹,

Shaikh

Al‐Badi³

2021

IJOA

View full text Add to dashboard Cite

Purpose One of the most important Information Security (IS) concerns nowadays is data theft or data leakage. To mitigate this type of risk, organisations use a solid infrastructure and deploy multiple layers of security protection technology and protocols such as firewalls, VPNs and IPsec VPN. However, these technologies do not guarantee data protection, and especially from insiders. Insider threat is a critical risk that can cause harm to the organisation through data theft. The main purpose of this study was to investigate and identify the threats related to data theft caused by insiders in organisations and explore the efforts made by them to control data leakage. Design/methodology/approach The study proposed a conceptual model to protect organisations’ data by preventing data theft by malicious insiders. The researchers conducted a comprehensive literature review to achieve the objectives of this study. The collection of the data for this study is based on earlier studies conducted by several researchers from January 2011 to December 2020. All the selected literature is from journal articles, conference articles and conference proceedings using various databases. Findings The study revealed three main findings: first, the main risks inherent in data theft are financial fraud, intellectual property theft, and sabotage of IT infrastructure. Second, there are still some organisations that are not considering data theft by insiders as being a severe risk that should be well controlled. Lastly, the main factors motivating the insiders to perform data leakage activities are financial gain, lack of fairness and justice in the workplace, the psychology or characteristics of the insiders, new technologies, lack of education and awareness and lack of management tools for understanding insider threats. Originality/value The study provides a holistic view of data theft by insiders, focusing on the problem from an organisational point of view. Organisations can therefore take into consideration our recommendations to reduce the risks of data leakage by their employees.

show abstract

“…Insider threat is defined as any activity by military, government, or private company employees whose actions or inactions, by intent or negligence, result (or could result) in the loss of critical information or valued assets [2]. Two types of insider threats are distinguished: malicious insider threats and unintentional insider threats [3].…”

Section: Introductionmentioning

confidence: 99%

Method and System for Detecting Anomalous User Behaviors: An Ensemble Approach

Xi¹,

Zhang²,

Du³

et al. 2018

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

Malicious user behavior that does not trigger access violation or data leak alert is difficult to detect. Using the stolen login credentials, the intruder doing espionage will first try to stay undetected, silently collect data that he is authorized to access from the company network. This paper presents an overview of User Behavior Analytics Platform built to collect logs, extract features and detect anomalous users which may contain potential insider threats. Besides, a multi-algorithms ensemble, combining OCSVM, RNN and Isolation Forest, is introduced. The experiment showed that the system with an ensemble of unsupervised anomaly detection algorithms can detect abnormal user behavior patterns. The experiment results indicate that OCSVM and RNN suffer from anomalies in the training set, and iF orest gives more false positives and false negatives, while the ensemble of three algorithms has great performance and achieves recall 96.55% and accuracy 91.24% on average.

show abstract

Introduction to the special issue on insider threat modeling and simulation

Cited by 7 publications

References 13 publications

Spy the Lie: Detecting Malicious Insiders

Spy the Lie: Detecting Malicious Insiders

Towards protecting organisations’ data by preventing data theft by malicious insiders

Method and System for Detecting Anomalous User Behaviors: An Ensemble Approach

Contact Info

Product

Resources

About