SOFIT: Sociotechnical and Organizational Factors for Insider Threat

Greitzer, Frank L.; Purl, Justin; Leong, Yung Mei; Becker, Dovid

doi:10.1109/spw.2018.00035

Cited by 27 publications

(38 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Recognizing target threat behaviors is therefore a complex, model-based classification process that involves inferences about multifaceted combinations or sequences of behavioral, psychological, and technical indicators. This interpretation of the threat assessment process provides a key rationale for related modeling efforts and the design of expert knowledge elicitation studies initially reported in [6] and [7] and extended here.…”

Section: General Modelmentioning

confidence: 70%

“…This paper describes continuing work on a comprehensive insider threat ontology [6] [7] that supports research to develop more effective decision support tools, facilitates insider threat program evaluation s, and promotes understanding of the complex insider threat domain. A hallmark of the ontology-called Sociotechnical and Organizational Factors for Insider Threat (SOFIT)-is the inclusion of behavioral, social, and organizational factors in addition to the cyber/technical factors traditionally identified with insider threat risk.…”

Section: Introductionmentioning

confidence: 99%

“…A hallmark of the ontology-called Sociotechnical and Organizational Factors for Insider Threat (SOFIT)-is the inclusion of behavioral, social, and organizational factors in addition to the cyber/technical factors traditionally identified with insider threat risk. A general description of SOFIT and its class structure is provided in [7]. While the ontology was based originally on a unidimensional hierarchical taxonomy of factors, relationships have been specified to more fully characterize additional associations among insider threat indicators and related constructs; these associations extend the ontology beyond the simple hierarchical taxonomy from which it was derived.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Modeling Expert Judgments of Insider Threat Using Ontology Structure: Effects of Individual Indicator Threat Value and Class Membership

Greitzer

Purl

Becker³

et al. 2019

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

We describe research on a comprehensive ontology of sociotechnical and organizational factors for insider threat (SOFIT) and results of an expert knowledge elicitation study. The study examined how alternative insider threat assessment models may reflect associations among constructs beyond the relationships defined in the hierarchical class structure. Results clearly indicate that individual indicators contribute differentially to expert judgments of insider threat risk. Further, models based on ontology class structure more accurately predict expert judgments. There is some (although weak) empirical evidence that other associations among constructssuch as the roles that indicators play in an insider threat exploit-may also contribute to expert judgments of insider threat risk. These findings contribute to ongoing research aimed at development of more effective insider threat decision support tools.

show abstract

Section: General Modelmentioning

confidence: 70%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Modeling Expert Judgments of Insider Threat Using Ontology Structure: Effects of Individual Indicator Threat Value and Class Membership

Greitzer

Purl

Becker³

et al. 2019

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

show abstract

“…客观要素方面通过采集命令执行、网络访问、文件操作和鼠标键盘使用等数据中的内部人员行为痕迹, 运用数据挖掘算法分析人员行为特征, 检测并预防内部威胁. 大数据环境下, 为精准刻画人员特征, 提升内部威胁检测的正确率, 需要扩大数据采集的深度和广度, 并且对主客观要素进行联合分析 [332] , 在 Greitzer 等 [333] 最新的研究成果中, 甚至将分析对象的心理、行为等个人因素进一步扩展到组织因素. 高效的海量数据处理、内部威胁特征分析和精确的内部威胁检测还需要大数据技术的支持.…”

Section: 基于大数据技术的服务与平台安全监管unclassified

Research progress on big data security technology

Chen¹,

Gao²,

Huilin³

et al. 2020

Sci. Sin.-Inf.

View full text Add to dashboard Cite

Independence and controllability of big data security Chinese Science Bulletin 60, 427 (2015); Research progress in the complexity theory and algorithms of big-data computation SCIENTIA SINICA Informationis 46, 1255 (2016); Real-time intelligent big data processing: technology, platform, and applications SCIENCE CHINA Information Sciences 62, 082101 (2019); Research on theory and key technology of trusted computing platform security testing and evaluation SCIENCE CHINA Information Sciences 53, 434 (2010); Earth observation big data for climate change research

show abstract

“…In addition, Capelli et al [18] indicate that non-technical and technical indicators are equally important to insider threat detection and prevention. Recent work [19] introduced SOFIT, a knowledge base (ontology) of individual and organizational sociotechnical factors for insider threats that expands on ITIO [20] (ontology that focuses on describing technical/cyber events). The authors demonstrated through a use case that non-technical indicators can enhance proactive insider threat mitigation.…”

Section: Introductionmentioning

confidence: 99%

A Framework for Data-Driven Physical Security and Insider Threat Detection

Mavroeidis

Vishi

Jøsang

2018

2018 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)

View full text Add to dashboard Cite

This paper presents PS0, an ontological framework and a methodology for improving physical security and insider threat detection. PS0 can facilitate forensic data analysis and proactively mitigate insider threats by leveraging rule-based anomaly detection. In all too many cases, rule-based anomaly detection can detect employee deviations from organizational security policies. In addition, PS0 can be considered a security provenance solution because of its ability to fully reconstruct attack patterns. Provenance graphs can be further analyzed to identify deceptive actions and overcome analytical mistakes that can result in bad decision-making, such as false attribution. Moreover, the information can be used to enrich the available intelligence (about intrusion attempts) that can form use cases to detect and remediate limitations in the system, such as loosely-coupled provenance graphs that in many cases indicate weaknesses in the physical security architecture. Ultimately, validation of the framework through use cases demonstrates and proves that PS0 can improve an organization's security posture in terms of physical security and insider threat detection.

show abstract

SOFIT: Sociotechnical and Organizational Factors for Insider Threat

Cited by 27 publications

References 30 publications

Modeling Expert Judgments of Insider Threat Using Ontology Structure: Effects of Individual Indicator Threat Value and Class Membership

Modeling Expert Judgments of Insider Threat Using Ontology Structure: Effects of Individual Indicator Threat Value and Class Membership

Research progress on big data security technology

A Framework for Data-Driven Physical Security and Insider Threat Detection

Contact Info

Product

Resources

About