Spelling suggestions: "subject:"insider threat"" "subject:"insider athreat""
1 |
Alleviating Insider Threats: Mitigation Strategies and Detection TechniquesJenkins, Jeffrey Lyne January 2013 (has links)
Insider threats--trusted members of an organization who compromise security--are considered the greatest security threat to organizations. Because of ignorance, negligence, or malicious intent, insider threats may cause security breaches resulting in substantial damages to organizations and even society. This research helps alleviate the insider threat through developing mitigation strategies and detection techniques in three studies. Study 1 examines how security controls--specifically depth-of-authentication and training recency--alleviate non-malicious insider threats through encouraging secure behavior (i.e., compliance with an organization's security policy). I found that `simpler is better' when implementing security controls, the effects of training diminish rapidly, and intentions are poor predictors of actual secure behavior. Extending Study 1's finding on training recency, Study 2 explains how different types of training alleviate non-malicious insider threat activities. I found that just-in-time reminders are more effective than traditional training programs in improving secure behavior, and again that intentions are not an adequate predictor of actual secure behavior. Both Study 1 and Study 2 introduce effective mitigation strategies for alleviating the non-malicious insider threat; however, they have limited utility when an insider threat has malicious intention, or deliberate intentions to damage the organization. To address this limitation, Study 3 conducts research to develop a tool for detecting malicious insider threats. The tool monitors mouse movements during an insider threat screening survey to detect when respondents are being deceptive. I found that mouse movements are diagnostic of deception. Future research directions are discussed to integrate and extend the findings presented in this dissertation to develop a behavioral information security framework for alleviating both the non-malicious and malicious insider threats in organizations.
|
2 |
A machine learning approach to detect insider threats in emails caused by human behaviourMichael, Antonia January 2020 (has links)
In recent years, there has been a significant increase in insider threats within organisations and these have caused massive losses and damages. Due to the fact that email communications are a crucial part of the modern-day working environment, many insider threats exist within organisations’ email infrastructure. It is a well-known fact that employees not only dispatch ‘business-as-usual’ emails, but also emails that are completely unrelated to company business, perhaps even involving malicious activity and unethical behaviour. Such insider threat activities are mostly caused by employees who have legitimate access to their organisation’s resources, servers, and non-public data. However, these same employees abuse their privileges for personal gain or even to inflict malicious damage on the employer. The problem is that the high volume and velocity of email communication make it virtually impossible to minimise the risk of insider threat activities, by using techniques such as filtering and rule-based systems. The research presented in this dissertation suggests strategies to minimise the risk of insider threat via email systems by employing a machine-learning-based approach. This is done by studying and creating categories of malicious behaviours posed by insiders, and mapping these to phrases that would appear in email communications. Furthermore, a large email dataset is classified according to behavioural characteristics of employees. Machine learning algorithms are employed to identify commonly occurring insider threats and to group the occurrences according to insider threat classifications. / Dissertation (MSc (Computer Science))--University of Pretoria, 2020. / Computer Science / MSc (Computer Science) / Unrestricted
|
3 |
Development and Validation of a Proof-of-Concept Prototype for Analytics-based Malicious Cybersecurity Insider Threat in a Real-Time Identification SystemHueca, Angel L. 01 January 2018 (has links)
Insider threat has continued to be one of the most difficult cybersecurity threat vectors detectable by contemporary technologies. Most organizations apply standard technology-based practices to detect unusual network activity. While there have been significant advances in intrusion detection systems (IDS) as well as security incident and event management solutions (SIEM), these technologies fail to take into consideration the human aspects of personality and emotion in computer use and network activity, since insider threats are human-initiated. External influencers impact how an end-user interacts with both colleagues and organizational resources. Taking into consideration external influencers, such as personality, changes in organizational polices and structure, along with unusual technical activity analysis, would be an improvement over contemporary detection tools used for identifying at-risk employees. This would allow upper management or other organizational units to intervene before a malicious cybersecurity insider threat event occurs, or mitigate it quickly, once initiated.
The main goal of this research study was to design, develop, and validate a proof-of-concept prototype for a malicious cybersecurity insider threat alerting system that will assist in the rapid detection and prediction of human-centric precursors to malicious cybersecurity insider threat activity. Disgruntled employees or end-users wishing to cause harm to the organization may do so by abusing the trust given to them in their access to available network and organizational resources. Reports on malicious insider threat actions indicated that insider threat attacks make up roughly 23% of all cybercrime incidents, resulting in $2.9 trillion in employee fraud losses globally. The damage and negative impact that insider threats cause was reported to be higher than that of outsider or other types of cybercrime incidents. Consequently, this study utilized weighted indicators to measure and correlate simulated user activity to possible precursors to malicious cybersecurity insider threat attacks. This study consisted of a mixed method approach utilizing an expert panel, developmental research, and quantitative data analysis using the developed tool on simulated data set. To assure validity and reliability of the indicators, a panel of subject matter experts (SMEs) reviewed the indicators and indicator categorizations that were collected from prior literature following the Delphi technique. The SMEs’ responses were incorporated into the development of a proof-of-concept prototype. Once the proof-of-concept prototype was completed and fully tested, an empirical simulation research study was conducted utilizing simulated user activity within a 16-month time frame. The results of the empirical simulation study were analyzed and presented. Recommendations resulting from the study also be provided.
|
4 |
<b>Analyzing the Nexus between Cyberaggression and Cybersecurity Insider Threat Dynamics</b>Anirudh Vempati (16897563) 27 April 2024 (has links)
<p dir="ltr">In the modern, internet-connected world, online actions have a big impact. Organizational information system security is a complex issue, with both external attacks and internal vulnerabilities posing serious risks. Although there is ample evidence linking job discontent and stress in the context of insider threat prediction, the stress caused by a perceived lack of social support is mostly unstudied. This research seeks to address this gap by assessing how aggressive behaviors outside the workplace and the absence of offline social support can predict insider threat behaviors within organizations. Given the prevalence of insider threats, a comprehensive investigation into their motivations and actions is imperative. Understanding these dynamics can provide organizations with crucial insights to effectively manage this persistent risk. The widespread nature of insider threats calls for a thorough study into their roots, motives, and behaviors. By comprehensively analyzing these factors, companies can gain valuable insights into insider threats' dynamics and develop effective risk management strategies.</p><p dir="ltr">The study conducted a survey with 206 participants recruited through Amazon Mechanical Turk (MTurk), analyzing data using SPSS. The survey consisted of several questionnaires, including demographic information, insider threat traits, cyberaggressive behaviors, online and offline social support. The correlational analysis revealed significant variables related to insider threat characteristics. The results of the study suggested that Cyberbullying and Deception were significant predictors of Hacking and Identity Theft. Additionally, individuals displaying traits of Unwanted Contact and Online Harassment outside the workplace were more likely to exhibit insider threat behaviors within an organization. Notably, the lack of online social support was not found to be indicative of insider threats. However, the absence of offline social support was associated with an increased probability of individuals engaging in cybercrimes within organizational settings.</p><p dir="ltr">The findings suggest that organizations and information security policymakers should implement strategies to mitigate insider threats effectively. To manage insider threats, organizations should focus on behavioral cues, implement positive interventions and utilize technical monitoring to track online actions of insiders. Understanding the psychological, behavioral, and technical aspects of insider threats is crucial for early detection and prevention. Policymakers at companies should not only focus on traditional background checks related to criminal history but also consider psychological and behavioral factors to prevent insider threats effectively. By integrating these insights into policies and practices, companies can enhance their ability to mitigate potential insider threats effectively.</p><p dir="ltr">The present study augments the existing literature on insider threats and cyber aggression by examining the influence of stressors on employee behavior. Building upon prior research, this investigation delves into the nuanced impact of both offline and online social support systems on stress levels experienced by employees. It explores how the absence of adequate offline and online social support can exacerbate stress levels, consequently increasing the likelihood of insider threats and cyber aggression. In conclusion, the findings of this research contribute significantly to our understanding of the pivotal role of offline social support in mitigating workplace stress. Moreover, it underscores the importance of understanding individual online presence and background verification processes in evaluating potential risks within the workplace.</p>
|
5 |
Strategies for Improving Data Protection to Reduce Data Loss from CyberattacksCannon, Jennifer Elizabeth 01 January 2019 (has links)
Accidental and targeted data breaches threaten sustainable business practices and personal privacy, exposing all types of businesses to increased data loss and financial impacts. This single case study was conducted in a medium-sized enterprise located in Brevard County, Florida, to explore the successful data protection strategies employed by the information system and information technology business leaders. Actor-network theory was the conceptual framework for the study with a graphical syntax to model data protection strategies. Data were collected from semistructured interviews of 3 business leaders, archival documents, and field notes. Data were analyzed using thematic, analytic, and software analysis, and methodological triangulation. Three themes materialized from the data analyses: people--inferring security personnel, network engineers, system engineers, and qualified personnel to know how to monitor data; processes--inferring the activities required to protect data from data loss; and technology--inferring scientific knowledge used by people to protect data from data loss. The findings are indicative of successful application of data protection strategies and may be modeled to assess vulnerabilities from technical and nontechnical threats impacting risk and loss of sensitive data. The implications of this study for positive social change include the potential to alter attitudes toward data protection, creating a better environment for people to live and work; reduce recovery costs resulting from Internet crimes, improving social well-being; and enhance methods for the protection of sensitive, proprietary, and personally identifiable information, which advances the privacy rights for society.
|
6 |
Probabilistic basis and assessment methodology for effectiveness of protecting nuclear materialsDurán, Felicia Angélica 09 February 2011 (has links)
Safeguards and security (S&S) systems for nuclear facilities include material control and accounting (MC&A) and a physical protection system (PPS) to protect nuclear materials from theft, sabotage and other malevolent human acts. The PPS for a facility is evaluated using probabilistic analysis of adversary paths on the basis of detection, delay, and response timelines to determine timely detection. The path analysis methodology focuses on systematic, quantitative evaluation of the physical protection component for potential external threats, and often calculates the probability that the PPS is effective (PE) in defeating an adversary who uses that attack path. By monitoring and tracking critical materials, MC&A activities provide additional protection against inside adversaries, but have been difficult to characterize in ways that are compatible with the existing path analysis methods that are used to systematically evaluate the effectiveness of a site’s protection system. This research describes and demonstrates a new method to incorporate MC&A protection elements explicitly within the existing probabilistic path analysis methodology. MC&A activities, from monitoring to inventory measurements, provide many, often recurring opportunities to determine the status of critical items, including detection of missing materials. Human reliability analysis methods are applied to determine human error probabilities to characterize the detection capabilities of MC&A activities. An object-based state machine paradigm was developed to characterize the path elements and timing of an insider theft scenario as a race against MC&A activities that can move a facility from a normal state to a heightened alert state having additional detection opportunities. This paradigm is coupled with nuclear power plant probabilistic risk assessment techniques to incorporate the evaluation of MC&A activities in the existing path analysis methodology. Event sequence diagrams describe insider paths through the PPS and also incorporate MC&A activities as path elements. This work establishes a probabilistic basis for incorporating MC&A activities explicitly within the existing path analysis methodology to extend it to address insider threats. The analysis results for this new method provide an integrated effectiveness measure for a safeguards and security system that addresses threats from both outside and inside adversaries. / text
|
7 |
It’s More Than Just Changing Your Password: Exploring the Nature and Antecedents of Cyber-Security BehaviorsDreibelbis, Rachel Christine 19 January 2016 (has links)
Organizations have become increasingly concerned with developing and protecting their information security systems. Despite attempts to secure the information infrastructure, employees inside of organizations remain the largest source of threat to information cyber-security. While previous research has focused on behavioral and situational factors that influence cyber-security behaviors, the measurement of cyber behaviors and their relationship to other performance variables is poorly understood. The purpose of the present study is to 1) determine the underlying factor structure of a cyber-security behavior scale, 2) assess if individual personality traits predict four types of cyber-security behaviors: security assurance, security compliance, security risk, and security damaging behaviors, and 3) explore the relationship between citizenship and counterproductive work behaviors and cyber-security behaviors. Results indicate that cyber-security behavior can be separated into four distinct dimensions and that personality traits such as conscientiousness, agreeableness, and openness to experience are predictive of these behaviors. Additionally, positive cyber behaviors are related organizational citizenship behaviors, and potentially harmful cyber behaviors related to counterproductive work behaviors. This research has implications for using personality to predict cyber-security behaviors and reduce insider threat in the workplace.
|
8 |
Exploring Data Security Management Strategies for Preventing Data BreachesOfori-Duodu, Michael Samuel 01 January 2019 (has links)
Insider threat continues to pose a risk to organizations, and in some cases, the country at large. Data breach events continue to show the insider threat risk has not subsided. This qualitative case study sought to explore the data security management strategies used by database and system administrators to prevent data breaches by malicious insiders. The study population consisted of database administrators and system administrators from a government contracting agency in the northeastern region of the United States. The general systems theory, developed by Von Bertalanffy, was used as the conceptual framework for the research study. The data collection process involved interviewing database and system administrators (n = 8), organizational documents and processes (n = 6), and direct observation of a training meeting (n = 3). By using methodological triangulation and by member checking with interviews and direct observation, efforts were taken to enhance the validity of the findings of this study. Through thematic analysis, 4 major themes emerged from the study: enforcement of organizational security policy through training, use of multifaceted identity and access management techniques, use of security frameworks, and use of strong technical control operations mechanisms. The findings of this study may benefit database and system administrators by enhancing their data security management strategies to prevent data breaches by malicious insiders. Enhanced data security management strategies may contribute to social change by protecting organizational and customer data from malicious insiders that could potentially lead to espionage, identity theft, trade secrets exposure, and cyber extortion.
|
9 |
Sécurité dans le cloud : framework de détection de menaces internes basé sur l'analyse d'anomalies / Security in the Cloud : an anomaly-based detection framework for the insider threatsCarvallo, Pamela 17 December 2018 (has links)
Le Cloud Computing (CC) ouvre de nouvelles possibilités pour des services plus flexibles et efficaces pour les clients de services en nuage (CSC). Cependant, la migration vers le cloud suscite aussi une série de problèmes, notamment le fait que, ce qui autrefois était un domaine privé pour les CSC, est désormais géré par un tiers, et donc soumis à ses politiques de sécurité. Par conséquent, la disponibilité, la confidentialité et l'intégrité des CSC doivent être assurées. Malgré l'existence de mécanismes de protection, tels que le cryptage, la surveillance de ces propriétés devient nécessaire. De plus, de nouvelles menaces apparaissent chaque jour, ce qui exige de nouvelles techniques de détection plus efficaces.Les travaux présentés dans ce document vont au-delà du simple l’état de l'art, en traitant la menace interne malveillante, une des menaces les moins étudiées du CC. Ceci s'explique principalement par les obstacles organisationnels et juridiques de l'industrie, et donc au manque de jeux de données appropriés pour la détecter. Nous abordons cette question en présentant deux contributions principales.Premièrement, nous proposons la dérivation d’une méthodologie extensible pour modéliser le comportement d’un utilisateur dans une entreprise. Cette abstraction d'un employé inclut des facteurs intra-psychologiques ainsi que des informations contextuelles, et s'inspire d'une approche basée sur les rôles. Les comportements suivent une procédure probabiliste, où les motivations malveillantes devraient se produire selon une probabilité donnée dans la durée.La contribution principale de ce travail consiste à concevoir et à mettre en œuvre un cadre de détection basé sur les anomalies pour la menace susmentionnée. Cette implémentation s’enrichit en comparant deux points différents de capture de données : une vue basée sur le profil du réseau local de la entreprise, et une point de vue du cloud qui analyse les données des services avec lesquels les clients interagissent. Cela permet au processus d'apprentissage des anomalies de bénéficier de deux perspectives: (1) l'étude du trafic réel et du trafic simulé en ce qui concerne l'interaction du service de cloud computing, de manière de caractériser les anomalies; et (2) l'analyse du service cloud afin d'ajouter des statistiques prenant en compte la caractérisation globale du comportement.La conception de ce cadre a permis de détecter de manière empirique un ensemble plus large d’anomalies de l’interaction d'une entreprise donnée avec le cloud. Cela est possible en raison de la nature reproductible et extensible du modèle. En outre, le modèle de détection proposé profite d'une technique d'apprentissage automatique en mode cluster, en suivant un algorithme adaptatif non supervisé capable de caractériser les comportements en évolution des utilisateurs envers les actifs du cloud. La solution s'attaque efficacement à la détection des anomalies en affichant des niveaux élevés de performances de clustering, tout en conservant un FPR (Low Positive Rate) faible, garantissant ainsi les performances de détection pour les scénarios de menace lorsque celle-ci provient de la entreprise elle-même / Cloud Computing (CC) opens new possibilities for more flexible and efficient services for Cloud Service Clients (CSCs). However, one of the main issues while migrating to the cloud is that what once was a private domain for CSCs, now is handled by a third-party, hence subject to their security policies. Therefore, CSCs' confidentiality, integrity, and availability (CIA) should be ensured. In spite of the existence of protection mechanisms, such as encryption, the monitoring of the CIA properties becomes necessary. Additionally, new threats emerge every day, requiring more efficient detection techniques. The work presented in this document goes beyond the state of the art by treating the malicious insider threat, one of the least studied threats in CC. This is mainly due to the organizational and legal barriers from the industry, and therefore the lack of appropriate datasets for detecting it. We tackle this matter by addressing two challenges.First, the derivation of an extensible methodology for modeling the behavior of a user in a company. This abstraction of an employee includes intra psychological factors, contextual information and is based on a role-based approach. The behaviors follow a probabilistic procedure, where the malevolent motivations are considered to occur with a given probability in time.The main contribution, a design and implementation of an anomaly-based detection framework for the aforementioned threat. This implementation enriches itself by comparing two different observation points: a profile-based view from the local network of the company, and a cloud-end view that analyses data from the services with whom the clients interact. This allows the learning process of anomalies to benefit from two perspectives: (1) the study of both real and simulated traffic with respect to the cloud service's interaction, in favor of the characterization of anomalies; and (2) the analysis of the cloud service in order to aggregate data statistics that support the overall behavior characterization.The design of this framework empirically shows to detect a broader set of anomalies of the company's interaction with the cloud. This is possible due to the replicable and extensible nature of the mentioned insider model. Also, the proposed detection model takes advantage of the autonomic nature of a clustering machine learning technique, following an unsupervised, adaptive algorithm capable of characterizing the evolving behaviors of the users towards cloud assets. The solution efficiently tackles the detection of anomalies by showing high levels of clustering performance, while keeping a low False Positive Rate (FPR), ensuring the detection performance for threat scenarios where the threat comes from inside the enterprise
|
10 |
Insiderhot : En systematisk litteraturöversikt av insiderhot som utvärderar administrativa säkerhetsåtgärder / Insider threat : A systematic literature review of insider threat which evaluates administrative security measuresTell, Markus January 2021 (has links)
Inom en organisation finns det insiders med direkt tillgång till konfidentiell och känslig information. Insiderhot kan antingen vara avsiktliga eller oavsiktliga och båda typerna kan utgöra förödande konsekvenser. Frågan är egentligen hur organisationer ska säkerställa informationssäkerhet när anställda har en daglig tillgång till information. Det som organisationer behöver implementera är särskilda säkerhetsåtgärder. Förebyggande säkerhetsåtgärder kan delas upp som tekniska och administrativa. Denna uppsats har genomfört en systematisk litteraturöversikt med en tematisk analys för att undersöka vad tidigare forskning rekommenderar för administrativa säkerhetsåtgärder för att tackla problemet. Undersökningens slutsatser kommer fram till att avsiktliga och oavsiktliga insiderhot kräver olika typer av säkerhetsåtgärder, samtidigt som en del åtgärder kan förebygga båda problemen. För att förebygga avsiktliga insiderhot behövs det straffande åtgärder som till exempel sanktioner och det behövs en informationssäkerhetskultur som tar i hänsyn till olika teorier. För att förebygga oavsiktliga insiderhot behöver fokus ligga på utbildning, träning och medvetenhet samt tillämpandet av en informationssäkerhetskultur som reducerar stress. Slutligen behövs det en informationssäkerhetspolicy och en kombination av positiva samt negativa incitament, vilket kan förebygga både avsiktliga och oavsiktliga insiderhot.
|
Page generated in 0.0588 seconds