Profiles of the Insider Threat

Cole, Eric; Ring, Sandra

doi:10.1016/b978-159749048-1/50010-8

Cited by 6 publications

(11 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To understand the financial implications of such attacks, we studied the most recently released reports on "Cost of Insider Threats" [2, 4,17]. According to these reports (containing data reporting from over 300 global organizations), the number of organizations experiencing insider incidents (between 21-40 events) annually has increased by 15% over the last four years.…”

Section: Introductionmentioning

confidence: 99%

“…Once an application has been installed on the device with the requested permissions, there is no way for an end-user to rectify the damage unless he/she decides to uninstall the application. In the employee's case, these alerts are investigated by human security (Security Operation Center (SOC)) analyst, which takes an average of 15 minutes according to the SPLUNK guide and recently published reports [2,17].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Taxonomic Classification of Insider Threats: Existing Techniques, Future Directions & Recommendations

Rauf

Mohsen

Wei

2023

JCSANDM

View full text Add to dashboard Cite

In the last two decades, the number of rapidly increasing cyber incidents (i.e., data theft and privacy breaches) shows that it is becoming enormously difficult for conventional defense mechanisms and architectures to neutralize modern cyber threats in a real-time situation. Disgruntled and rouge employees/agents and intrusive applications are two notorious classes of such modern threats, referred to as Insider Threats, which lead to data theft and privacy breaches. To counter such state-of-the-art threats, modern defense mechanisms require the incorporation of active threat analytics to proactively detect and mitigate any malicious intent at the employee or application level. Existing solutions to these problems intensively rely on co-relation, distance-based risk metrics, and human judgment. Especially when humans are kept in the loop for access-control policy-related decision-making against advanced persistent threats. As a consequence, the situation can escalate and lead to privacy/data breaches in case of insider threats. To confront such challenges, the security community has been striving to identify anomalous intent for advanced behavioral anomaly detection and auto-resiliency (the ability to deter an ongoing threat by policy tuning). Towards this dimension, we aim to review the literature in this domain and evaluate the effectiveness of existing approaches per our proposed criteria. According to our knowledge, this is one of the first endeavors toward developing evaluation-based standards to assess the effectiveness of relevant approaches in this domain while considering insider employees and intrusive applications simultaneously. There have been efforts in literature towards describing and understanding insider threats in general. However, none have addressed the detection and deterrence element in its entirety, hence making our contribution one of a kind. Towards the end of this article, we enlist and discuss the existing data sets. The data sets can help understand the attributes that play crucial roles in insider threat detection. In addition, they can be beneficial for testing the newly designed security solutions in this domain. We also present recommendations for establishing a baseline standard for analyzing insider-threat data sets. This baseline standard could be used in the future to design resilient architectures and provide a road map for organizations to enhance their defense capabilities against insider threats.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Taxonomic Classification of Insider Threats: Existing Techniques, Future Directions & Recommendations

Rauf

Mohsen

Wei

2023

JCSANDM

View full text Add to dashboard Cite

show abstract

“…Examples of concerning behaviors include increasing complaints to supervisors regarding salary, increased cell phone use at the office, refusal to work with new supervisors, increased outbursts directed at coworkers, and isolation from coworkers. 8 As described in a recent article on rogue insiders, the extensive and ongoing investigation of insider threat by CERT has determined that most cases carry a distinct pattern. According to CERT's technical manager Dawn Cappelli, "Usually the employees either have announced their resignation or have been formally reprimanded, demoted, or fired."…”

Section: Tion Filled With Bitterness and Frustration After Being Accmentioning

confidence: 99%

Modeling Human Behavior to Anticipate Insider Attacks

Greitzer¹,

Hohimer²

2011

JSS

View full text Add to dashboard Cite

human factors and social/behavioral science challenges through modeling and advanced engineering/computing approaches. This research focuses on the intelligence domain, including human behavior modeling with application to identifying/predicting malicious insider cyber activities, modeling socio-cultural factors as predictors of terrorist activities, and human information interaction concepts for enhancing intelligence analysis decision making. Dr. Greitzer's research interests also include evaluation methods and metrics for assessing effectiveness of decision aids, analysis methods and displays. Ryan Hohimer is a Senior Research Scientist at PNNL. His research interests include knowledge representation and reasoning, probabilistic reasoning, semantic computing, cognitive modeling, image analysis, data management, and data acquisition and analysis. He is currently serving as Principal Investigator of a Laboratory-directed Research and Development project that has designed and developed the CHAMPION reasoner. AbstractThe insider threat ranks among the most pressing cyber-security challenges that threaten government and industry information infrastructures. To date, no systematic methods have been developed that provide a complete and effective approach to prevent data leakage, espionage, and sabotage. Current practice is forensic in nature, relegating to the analyst the bulk of the responsibility to monitor, analyze, and correlate an overwhelming amount of data. We describe a predictive modeling framework that integrates a diverse set of data sources from the cyber domain, as well as inferred psychological/motivational factors that may underlie malicious insider exploits. This comprehensive threat assessment approach provides automated support for the detection of high-risk behavioral "triggers" to help focus the analyst's attention and inform the analysis. Designed to be domain-independent, the system may be applied to many different threat and warning analysis/sense-making problems.

show abstract

“…The readers may feel that few of these citations are quite old however; the fact is that, whether these citations are old or new, the impact is significant and the risk is still relevant today. In spite of the damage to their reputation and the potential for fines, more than 40% of respondents indicated that they were worried about bad press, indicating that organizations at least recognize the issue and the need to report breaches [17].…”

mentioning

confidence: 99%

Cyberpsychology Based insider Threat Prediction Model Approach for Cybersecurity

2023

IJFMR

View full text Add to dashboard Cite

This paper focuses on demonstrating a fundamental prediction model based on ordinal logistic regression technique for creating an awareness and the importance a holistic cybersecurity product and services based on Cyberpsychology. This is helpful for the universities and also the industries to integrate cyberpsychology into an AI-based cybersecurity product or services and that will be a powerful combination and may effectively prevent malicious internal attacks.

show abstract

Profiles of the Insider Threat

Cited by 6 publications

References 0 publications

A Taxonomic Classification of Insider Threats: Existing Techniques, Future Directions & Recommendations

A Taxonomic Classification of Insider Threats: Existing Techniques, Future Directions & Recommendations

Modeling Human Behavior to Anticipate Insider Attacks

Cyberpsychology Based insider Threat Prediction Model Approach for Cybersecurity

Contact Info

Product

Resources

About