Abstract
Many cyber security officers are more concerned with outside rather than insider threats because the enemy is generally perceived as being “out there” or beyond the organization. Therefore, defensive actions are readily available once an outside threat is identified (Colwill in Human factors in information security: the insider threat—who can you trust these days? pp. 186–196, 2009 [1]). Contradictory to the ideas of social identification as an “us” and “them,” the greatest enemy may be lurking within one’s own organization. Individuals are considered insiders if they presently have (or at one time had) permission to access an organization’s data or network structures (Greitzer et al. in Secur Priv IEEE 6(1):61–64, 2008 [2]). The concept of the insider threat is considered one of the most difficult situations to deal with in the cybersecurity domain (Hunker and Probst in J Wireless Mobile Netw Ubiquitous Comput Dependable Appl 2(1):4–27, 2011 [3]). The Association of Certified Fraud Examiners has reported two-thirds of fraud and identity thefts are executed by organizations’ employees or other known insiders. They also estimate U.S. companies have lost 5 % of revenue to fraudulent insider activities (Randazzo et al. in Insider threat study: illicit cyber activity in the banking and finance sector, 2005 [4]). Insiders have multiple advantages over an outsider. An insider threat is one of the most difficult situations to identify. Therefore, it is critical that training be developed. The first step to effective training is constructing an environment that lends itself to insider threat situations. The present paper describes the process in which one insider threat virtual environment was constructed. A discussion of the considerations and functional features is detailed.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Colwill, C.: Human factors in Information Security: The Insider Threat—Who Can You Trust These Days? Information security technical report, pp. 186–196 (2009)
Greitzer, F., Moore, A., Cappelli, D., Andrews, D., Carroll, L., Hull, T.: Combating the insider cyber threat. Secur. Priv. IEEE 6(1), 61–64 (2008)
Hunker, J., Probst, C.: Insiders and insider threats an overview of definitions and mitigation techniques. J. Wireless Mobile Netw. Ubiquitous Comput. Dependable Appl. 2(1), 4–27 (2011)
Randazzo, M., Keeney, M., Kowalski, E., Cappelli, D., Moore, A.: Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector. Technical report, Carnegie-Mellon University, PA (2005)
Hansen, L., Nissenbaum, H.: Digital disaster, cyber security, and the Copenhagen School. Int. Stud. Quart. 53(4), 1155–1175 (2009)
McDowell, M., Householder, A.: US-CERT. Accessed 6 May 2009. Available at: https://www.us-cert.gov/ncas/tips/ST04-001
Kraemer, S., Carayan, P., Clem, J.: Human and organizational factors in computer and information security. Comput. Secur. 28(7), 509–520 (2009)
Bowen, B., Devarajan, R., Stolfo, S.: Measuring the human factor of cyber security. In: 2011 IEEE International Conference, pp. 230–235 (2011)
Munir, A., Lukman, S., Muhammad, K., Al-Maimani, M.: Human errors in information security. Int. J. 1(3) (2012)
von Solms, R., van Niekerk, J.: From information security to cyber security. Comput. Secur. 38, 97–102 (2013)
Gandhi, R., Sharma, A., Mahoney, W., Sousan, W., Zhu, Q., Laplante, P.: Dimensions of cyber-attacks: cultural, social, economic, and political. Technol. Soc. Mag. 30(1), 28–38 (2011)
Warkentin, M., Willison, R.: Behavioral and policy issues in information. Eur. J. Inf. Syst. 18, 101–105 (2009)
Cone, B., Irvine, C., Thompson, M., Nguyen, T.: A video game for cyber security training and awareness. Comput. Secur. 26(1), 63–72 (2007)
Schmorrow, D., Cohn, J., Nicholson, D.: The PSI Handbook of Virtual Environments for Training and Education: Developments for the Military and Beyond, vol. 1. Praeger Security, Westport (2009)
Matthews, G., Szalma, J., Panganiban, A.R., Neubauer, C., Warm, J.: Profiling task stress with the Dundee stress state questionnaire. In: Psychology of Stress: New Research, pp. 49–90. Nova Science Publishers, Inc., Hauppage, USA (2013)
Witmer, B., Singer, M.: Measuring presence in virtual environments: a presence questionnaire. Presence: Teleoperators Virtual Environ. 7(3), 225–240 (1998)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Ortiz, E., Reinerman-Jones, L., Matthews, G. (2016). Developing an Insider Threat Training Environment. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol 501. Springer, Cham. https://doi.org/10.1007/978-3-319-41932-9_22
Download citation
DOI: https://doi.org/10.1007/978-3-319-41932-9_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-41931-2
Online ISBN: 978-3-319-41932-9
eBook Packages: EngineeringEngineering (R0)