Alleviating Insider Threats: Mitigation Strategies and Detection Techniques

Jenkins, Jeffrey Lyne

January 2013

Insider threats--trusted members of an organization who compromise security--are considered the greatest security threat to organizations. Because of ignorance, negligence, or malicious intent, insider threats may cause security breaches resulting in substantial damages to organizations and even society. This research helps alleviate the insider threat through developing mitigation strategies and detection techniques in three studies. Study 1 examines how security controls--specifically depth-of-authentication and training recency--alleviate non-malicious insider threats through encouraging secure behavior (i.e., compliance with an organization's security policy). I found that `simpler is better' when implementing security controls, the effects of training diminish rapidly, and intentions are poor predictors of actual secure behavior. Extending Study 1's finding on training recency, Study 2 explains how different types of training alleviate non-malicious insider threat activities. I found that just-in-time reminders are more effective than traditional training programs in improving secure behavior, and again that intentions are not an adequate predictor of actual secure behavior. Both Study 1 and Study 2 introduce effective mitigation strategies for alleviating the non-malicious insider threat; however, they have limited utility when an insider threat has malicious intention, or deliberate intentions to damage the organization. To address this limitation, Study 3 conducts research to develop a tool for detecting malicious insider threats. The tool monitors mouse movements during an insider threat screening survey to detect when respondents are being deceptive. I found that mouse movements are diagnostic of deception. Future research directions are discussed to integrate and extend the findings presented in this dissertation to develop a behavioral information security framework for alleviating both the non-malicious and malicious insider threats in organizations.

Information Systems

Insider Threat

Mouse Movements

Passwords

Security

Management

Experiment

Action dynamics in multitasking: the impact of additional task factors on the execution of the prioritized motor movement

Scherbaum, Stefan, Gottschalk, Caroline, Dshemuchadse , Maja, Fischer, Rico

18 January 2016

In multitasking, the execution of a prioritized task is in danger of crosstalk by the secondary task. Task shielding allows minimizing this crosstalk. However, the locus and temporal dynamics of crosstalk effects and further sources of influence on the execution of the prioritized task are to-date only vaguely understood. Here we combined a dual-task paradigm with an action dynamics approach and studied how and according to which temporal characteristics crosstalk, previously experienced interference and previously executed responses influenced participants' mouse movements in the prioritized task's execution. Investigating continuous mouse movements of the prioritized task, our results indicate a continuous crosstalk from secondary task processing until the endpoint of the movement was reached, although the secondary task could only be executed after finishing execution of the prioritized task. The motor movement in the prioritized task was further modulated by previously experienced interference between the prioritized and the secondary task. Furthermore, response biases from previous responses of the prioritized and the secondary task in movements indicate different sources of such biases. The bias by previous responses to the prioritized task follows a sustained temporal pattern typical for a contextual reactivation, while the bias by previous responses to the secondary task follows a decaying temporal pattern indicating residual activation of previously activated spatial codes.

Handlungdynamik

TU Dresden

Publikationsfonds

action dynamics

mouse movements

crosstalk

dual task

task shielding

cognitive control

conflict adaptation

Technical University Dresden

Publication funds

ddc:150

rvk:CL 1000

Action dynamics in multitasking: the impact of additional task factors on the execution of the prioritized motor movement

Scherbaum, Stefan, Gottschalk, Caroline, Dshemuchadse, Maja, Fischer, Rico

18 January 2016

In multitasking, the execution of a prioritized task is in danger of crosstalk by the secondary task. Task shielding allows minimizing this crosstalk. However, the locus and temporal dynamics of crosstalk effects and further sources of influence on the execution of the prioritized task are to-date only vaguely understood. Here we combined a dual-task paradigm with an action dynamics approach and studied how and according to which temporal characteristics crosstalk, previously experienced interference and previously executed responses influenced participants' mouse movements in the prioritized task's execution. Investigating continuous mouse movements of the prioritized task, our results indicate a continuous crosstalk from secondary task processing until the endpoint of the movement was reached, although the secondary task could only be executed after finishing execution of the prioritized task. The motor movement in the prioritized task was further modulated by previously experienced interference between the prioritized and the secondary task. Furthermore, response biases from previous responses of the prioritized and the secondary task in movements indicate different sources of such biases. The bias by previous responses to the prioritized task follows a sustained temporal pattern typical for a contextual reactivation, while the bias by previous responses to the secondary task follows a decaying temporal pattern indicating residual activation of previously activated spatial codes.

info:eu-repo/classification/ddc/150

ddc:150