Unintentional Insider Threat: Contributing Factors, Observables, and Mitigation Strategies

Greitzer, Frank L.; Strozer, Jeremy; Cohen, Sholom; Bergey, John; Cowley, Jennifer A.; Moore, Andrew P.; Mundie, David A.

doi:10.1109/hicss.2014.256

Cited by 40 publications

(34 citation statements)

References 32 publications

(54 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The SE can then proceed to use this workstation as a pivot point for any further attacks on the organisation. This type of an attack is viable due to an unintentional insider threat [54,55].…”

Section: Indirect Communication -Templatementioning

confidence: 99%

Social engineering attack examples, templates and scenarios

Mouton

Leenen

Venter

2016

Computers & Security

136

View full text Add to dashboard Cite

The field of information security is a fast-growing discipline. Even though the effectiveness of security measures to protect sensitive information is increasing, people remain susceptible to manipulation and thus the human element remains a weak link. A social engineering attack targets this weakness by using various manipulation techniques to elicit sensitive information. The field of social engineering is still in its early stages with regard to formal definitions, attack frameworks and templates of attacks. This paper proposes detailed social engineering attack templates that are derived from real-world social engineering examples. Current documented examples of social engineering attacks do not include all the attack steps and phases. The proposed social engineering attack templates attempt to alleviate the problem of limited documented literature on social engineering attacks by mapping the real-world examples to the social engineering attack framework. Mapping several similar real-world examples to the social engineering attack framework allows one to establish a detailed flow of the attack whilst abstracting subjects and objects. This mapping is then utilised to propose the generalised social engineering attack templates that are representative of real-world examples, whilst still being general enough to encompass several different real-world examples. The proposed social engineering attack templates cover all three types of communication, namely bidirectional communication, unidirectional communication and indirect communication. In order to perform comparative studies of different social engineering models, processes and frameworks, it is necessary to have a formalised set of social engineering attack scenarios that are fully detailed in every phase and step of the process. The social engineering attack templates are converted to social engineering attack scenarios by populating the template with both subjects and objects from real-world examples whilst still maintaining the detailed flow of the attack as provided in the template. Furthermore, this paper illustrates how the social engineering attack scenarios are applied to verify a social engineering attack detection model. These templates and scenarios can be used by other researchers to either expand on, use for comparative measures, create additional examples or evaluate models for completeness. Additionally, the proposed social engineering attack templates can also be used to develop social engineering awareness material.

show abstract

Section: Indirect Communication -Templatementioning

confidence: 99%

Social engineering attack examples, templates and scenarios

Mouton

Leenen

Venter

2016

Computers & Security

136

View full text Add to dashboard Cite

show abstract

“…Researchers have mentioned three types of non-compliance behaviour: malicious behaviour, negligent behaviour and unawareness. The main motivation for malicious behaviour is malicious intent to bring harm to an organization's information assets [11] [12], whereas negligent behaviour is intent to violate an organization's security policy but not to harm that organization [13]. The third type of non-complaint behaviour is due to unawareness, whereby end users are unaware of the importance of information security and the relevant organizational requirements.…”

Section: Non-compliance With Security Policymentioning

confidence: 99%

“…Khan et al's [14] research indicated that more than fifty percent of employees are unaware of the existence of an information security policy in their organisation. Moreover, Greitzer et al [13] state that users tend to dislike the active controls that are imposed on their PCs, and this can be seen in many organisations. The reason for users having an aversion to these controls is that they impose a group of no commands (e.g.…”

Section: Non-compliance With Security Policymentioning

confidence: 99%

A Novel Model for Monitoring Security Policy Compliance

Alotaibi¹,

Furnell²,

Clarke³

2016

JITST

View full text Add to dashboard Cite

show abstract

“…This description is refined by Grietzer et al [18] Observed&cyber&behaviour& e.g.,%Disabling%security% soIware% Fig. 1.…”

Section: A Accidental Insider Casesmentioning

confidence: 99%

Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat

Buckley

Nurse

Legg

et al. 2014

2014 Workshop on Socio-Technical Aspects in Security and Trust

View full text Add to dashboard Cite

Abstract-An enterprise's information security policy is an exceptionally important control as it provides the employees of an organisation with details of what is expected of them, and what they can expect from the organisation's security teams, as well as informing the culture within that organisation. The threat from accidental insiders is a reality across all enterprises and can be extremely damaging to the systems, data and reputation of an organisation. Recent industry reports and academic literature underline the fact that the risk of accidental insider compromise is potentially more pressing than that posed by a malicious insider. In this paper we focus on the ability of enterprises' information security policies to mitigate the accidental insider threat. Specifically we perform an analysis of real-world cases of accidental insider threat to define the key reasons, actions and impacts of these events -captured as a grounded insider threat classification scheme. This scheme is then used to perform a review of a set of organisational security policies to highlight their strengths and weaknesses when considering the prevention of incidents of accidental insider compromise. We present a set of questions that can be used to analyse an existing security policy to help control the risk of the accidental insider threat.

show abstract

Unintentional Insider Threat: Contributing Factors, Observables, and Mitigation Strategies

Cited by 40 publications

References 32 publications

Social engineering attack examples, templates and scenarios

Social engineering attack examples, templates and scenarios

A Novel Model for Monitoring Security Policy Compliance

Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat

Contact Info

Product

Resources

About