Abstract
The purpose of this chapter is to motivate the combination of traditional cyber security audit data with psychosocial data, to support a move from an insider threat detection stance to one that enables prediction of potential insider presence. Two distinctive aspects of the approach are the objective of predicting or anticipating potential risks and the use of organizational data in addition to cyber data to support the analysis. The chapter describes the challenges of this endeavor and reports on progress in defining a usable set of predictive indicators, developing a framework for integrating the analysis of organizational and cyber security data to yield predictions about possible insider exploits, and developing the knowledge base and reasoning capability of the system. We also outline the types of errors that one expects in a predictive system versus a detection system and discuss how those errors can affect the usefulness of the results.
© 2010 Springer Science+Business Media, LLC
Greitzer, F.L., Frincke, D.A. (2010). Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation. In: Probst, C., Hunker, J., Gollmann, D., Bishop, M. (eds) Insider Threats in Cyber Security. Advances in Information Security, vol 49. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-7133-3_5
DOI: https://doi.org/10.1007/978-1-4419-7133-3_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-7132-6
Online ISBN: 978-1-4419-7133-3