The Dynamic Nature of Insider Threat Indicators

Cited by: 0
Authors
Frank L. Greitzer
Justin Purl
Affiliations
[1] PsyberAnalytix, Richland, WA
[2] Human Resources Research Organization, Alexandria, VA
[3] Google, Mountain View, CA
Keywords
Cybersecurity; Information security; Insider threat; Insider threat indicators; Risk assessment
DOI
10.1007/s42979-021-00990-1
Abstract
Insider threat indicators are not equally indicative of potential insider threat activity. Indicator risk assessments depend not only on the number of observed concerning behaviors, but also on their nature. This paper discusses some initial work examining features and relationships among indicators that underlie this dynamic characteristic of insider threat indicators. Among the factors that may affect the level of concern of insider threat indicators are temporal factors and indicator interactions. An expert knowledge elicitation study was conducted to examine possible temporal effects and indicator interactions on judged level of concern for individual and/or combinations of indicators. Results suggested that the impact of an indicator on expert judgment of threat tends to decrease over time and that increments in threat value when indicators are aggregated are not simply a linear combination of the individual threat values. Broader implications of this dynamic nature of insider threat indicators are discussed. © The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd 2021.