Skip to main content
SpringerLink
Log in

Insider Threat: Applying No Dark Corners Defenses

  • Living reference work entry
  • First Online:
Handbook of Security Science

  • 217 Accesses

Abstract

Unlike a frontal attack, an insider threat is a menace that operates from within established defenses and also possesses legitimate access to targets. Insider threat studies draw from many disciplines, with cyber-centric studies currently dominating the field. All disciplines hew to the convention of over-relying on experts and imposing heavy burdens on employees who pose no threat. One possible rationale is that experts see the insider threat as a problem when it is a predicament requiring a higher level of interpretive thinking to address.

Contrary to accepted wisdom, the No Dark Corners approach places monitoring responsibility at the co-worker level, rather than in the exclusive hands of experts, and broadly fosters an environment of transparency where co-workers function as copilots who take an active hand in their own protection. The ultimate aim is denying hostile insiders the opportunity to inflict harm by eliminating their ability to exploit institutional vulnerabilities that represent the dark corners from which an adversary needs to operate in order to penetrate and strike the targeted organization.

A strategy canvas depicts the contrasts between the conventional approach and No Dark Corners. The role of some other prominent aspects of insider threats and defenses is also discussed, including deception, knowledgeable escort, lawful disruption, and the curse of the indelicate obvious. Some societal implications and applications are also explored in broad strokes.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

References

  • Adams S (2018) “Intelligence scale,” Theme of second Periscope broadcast of Jan 4, 2018. Retrieved 4 Jan 2018 from https://www.pscp.tv/w/bR07HDFEWUVYVnFMcnh2S2d8MXJteFBPQVJ2QmdKTkoDwNfw0-C7hWoOCobaYJXCiC6ZdBbJHTrviP6VbJYX

  • Antokol N, Nudell M (1988) The handbook for effective emergency and crisis management. Lexington Books, Lexington, p 3

    Google Scholar 

  • Carney RM (1994) The enemy within. In: Sarbin T, Carney R, Eoyang C (eds) Citizen espionage: studies in trust and betrayal. Praeger, Westport, pp 18–38

    Google Scholar 

  • Catrantzos N (2009) No dark corners: defending against insider threats to critical infrastructure, MA thesis, Center for Homeland Defense and Security, Naval Postgraduate School, Monterey

    Google Scholar 

  • Catrantzos N (2010a) No dark corners: a different answer to insider threats. Homeland Secur Aff 6, Article 5. Retrieved 3 Jan 2018 from https://www.hsaj.org/articles/83

  • Catrantzos N (2010b) Defending against the threat of insider financial crime. Frontline Security, pp 17–19. Retrieved 6 Jan 2018 from http://security.frontline.online/content/insider-financial-crime

  • Catrantzos N (2012) Managing the insider threat: no dark corners. CRC Press, Boca Raton

    Book  Google Scholar 

  • Choudhury SR (2018) Tech giant is rolling out new robots to replace workers in hotels, airports and supermarkets, CNBC Business News, January 4, 2018. Retrieved 4 Jan 2018 from https://www.cnbc.com/2018/01/04/south-koreas-lg-electronics-to-introduce-new-robots-at-ces-2018.html

  • Cole E (2017) Defending against the wrong enemy: 2017 SANS insider threat survey, SANS Institute InfoSec Reading Room, Sponsored by Dtex, Haystax Technology, and Rapid 7, August 2017. Retrieved 18 Aug 2017 from https://www.sans.org/reading-room/whitepapers/analyst/defending-wrong-enemy-2017-insider-threat-survey-37890

  • Colwell LH, Miller HA, Lyons PM Jr, Miller RS (2006) The training of law enforcement officers in detecting deception: a survey of current practices and suggestions for improving accuracy. Police Q 9(3):275–290

    Article  Google Scholar 

  • Donovan F (2016) IT admins to users: do as I say, not as I do: survey of IT admins at RSA finds some IT admins never change admin credentials at all, RSA Conference Survey, April 7, 2016. Retrieved 5 May 2016 from http://www.fierceitsecurity.com/story/it-admins-users-do-i-say-not-i-do/2016-04-07

  • Drucker P (2002) Managing in the next society. Truman Talley Books St. Martin’s Press, New York, p 36

    Google Scholar 

  • Evanina B (2017) Defusing leakers means knowing what makes them tick, The Cipher Brief, September 13, 2017 (issue on tackling insider threat ranging from leaking classified information to workplace violence, in interview of National Counterintelligence and Security Center Director Bill Evanina). Retrieved 18 Sept 2017 from https://www.thecipherbrief.com/column/strategic-view/defusing-leakers-means-knowing-makes-tick

  • Farson R (1996) Management of the absurd: paradoxes in leadership. Simon & Schuster, New York, pp 6–7

    Google Scholar 

  • Fein RA, Vossekuil B, Pollack WS, Borum R, Modzelski W, Reddy M (2002) Threat assessment in schools. U.S. Secret Service/U.S. Department of Education, Washington, DC, pp 33–38

    Google Scholar 

  • Hanson VD (2017) Nation v. Tribe, Defining Ideas: A Hoover Institution Journal, December 6, 2017. Retrieved 8 Jan 2018 from https://www.hoover.org/research/nation-v-tribe

  • Herbig KL (2008) Changes in espionage by Americans: 1947–2007, Technical report 08–05. Defense Personnel Security Research Center, Monterey

    Book  Google Scholar 

  • Herley C (2009) So long, and no thanks for the externalities: The rational rejection of security advice by users, In: Proceedings of the new security paradigms workshop, Oxford, 8–11 Sept 2009, pp 1–12

    Google Scholar 

  • Just DR (2014) Introduction to behavioral economics. Wiley, Hoboken, pp 465–466

    Google Scholar 

  • Kim C, Mauborgne RA (2005) Blue ocean strategies. Harvard Business Press, Boston, pp 12–15

    Google Scholar 

  • Ruffini JA (2006) When terror comes to main street. Archangel Group, Denver, p 201

    Google Scholar 

  • Shaw ED, Fischer LF (2005) Ten tales of betrayal: the threat to corporate infrastructures by information technology insiders. Defense Personnel Security Research Center, Monterey, p 34

    Google Scholar 

  • Shifflett CM (1999) Aikido exercises for teaching and training. Round Earth Publishing, Berkeley, p 20

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Center for Homeland Defense and Security, Naval Postgraduate School, Monterey, CA, USA

    Nick Catrantzos

Authors
  1. Nick Catrantzos
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nick Catrantzos .

Editor information

Editors and Affiliations

  1. College of Public Health, University of South Florida, Tampa, Florida, USA

    Anthony J. Masys

Section Editor information

  1. School of Public Affairs, The Pennsylvania State University – Penn State Harrisburg, Middletown, USA

    Alexander Siedschlag

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this entry

Check for updates. Verify currency and authenticity via CrossMark

Cite this entry

Catrantzos, N. (2018). Insider Threat: Applying No Dark Corners Defenses. In: Masys, A. (eds) Handbook of Security Science. Springer, Cham. https://doi.org/10.1007/978-3-319-51761-2_7-1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-51761-2_7-1

  • Received:

  • Accepted:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51761-2

  • Online ISBN: 978-3-319-51761-2

  • eBook Packages: Springer Reference Physics and AstronomyReference Module Physical and Materials ScienceReference Module Chemistry, Materials and Physics

Publish with us

Policies and ethics

Search

Navigation