Global ETD Search

11	The Impact of Mindfulness on Non-Malicious Spillage within Images on Social Networking Sites Landress, Angela D. 01 January 2018 (has links) Insider threat by employees in organizations is a problematic issue in today’s fast-paced, internet-driven society. Gone are the days when securing the perimeter of one’s network protected their business. Security threats are now mobile, and employees have the ability to share sensitive business data with hundreds of people instantaneously from mobile devices. While prior research has addressed social networking topics such as trust in relation to information systems, the use of social networking sites, social networking security, and social networking sharing, there is a lack of research in the mindfulness of users who spill sensitive data contained within images posted on social networking sites (SNS). The author seeks to provide an understanding of how non-malicious spillage through images relates to the mindfulness of employees, who are also deemed insiders. Specifically, it explores the relationships between the following variables: mindfulness, proprietary information spillage, and spillage of personally identifiable information (PII). A quasi-experimental study was designed, which was correlational in nature. Individuals were the unit of analysis. A sample population of business managers with SNS accounts were studied. A series of video vignettes were used to measure mindfulness. Surveys were used as a tool to collect and analyze data. There was a positive correlation between non-malicious spillage of sensitive business, both personally identifiable information and proprietary data, and a lack of mindfulness. Insider Threat Mindfulness Proprietary Information Spillage Social Networking Spillage
12	Novel Alert Visualization: The Development of a Visual Analytics Prototype for Mitigation of Malicious Insider Cyber Threats Clarke, Karla A. 01 January 2018 (has links) Cyber insider threat is one of the most difficult risks to mitigate in organizations. However, innovative validated visualizations for cyber analysts to better decipher and react to detected anomalies has not been reported in literature or in industry. Attacks caused by malicious insiders can cause millions of dollars in losses to an organization. Though there have been advances in Intrusion Detection Systems (IDSs) over the last three decades, traditional IDSs do not specialize in anomaly identification caused by insiders. There is also a profuse amount of data being presented to cyber analysts when deciphering big data and reacting to data breach incidents using complex information systems. Information visualization is pertinent to the identification and mitigation of malicious cyber insider threats. The main goal of this study was to develop and validate, using Subject Matter Experts (SME), an executive insider threat dashboard visualization prototype. Using the developed prototype, an experimental study was conducted, which aimed to assess the perceived effectiveness in enhancing the analysts’ interface when complex data correlations are presented to mitigate malicious insiders cyber threats. Dashboard-based visualization techniques could be used to give full visibility of network progress and problems in real-time, especially within complex and stressful environments. For instance, in an Emergency Room (ER), there are four main vital signs used for urgent patient triage. Cybersecurity vital signs can give cyber analysts clear focal points during high severity issues. Pilots must expeditiously reference the Heads Up Display (HUD), which presents only key indicators to make critical decisions during unwarranted deviations or an immediate threat. Current dashboard-based visualization techniques have yet to be fully validated within the field of cybersecurity. This study developed a visualization prototype based on SME input utilizing the Delphi method. SMEs validated the perceived effectiveness of several different types of the developed visualization dashboard. Quantitative analysis of SME’s perceived effectiveness via self-reported value and satisfaction data as well as qualitative analysis of feedback provided during the experiments using the prototype developed were performed. This study identified critical cyber visualization variables and identified visualization techniques. The identifications were then used to develop QUICK.v™ a prototype to be used when mitigating potentially malicious cyber insider threats. The perceived effectiveness of QUICK.v™ was then validated. Insights from this study can aid organizations in enhancing cybersecurity dashboard visualizations by depicting only critical cybersecurity vital signs. Information technology cybersecurity insider threat Intrusion Detection malicious insider visualization vital signs Computer Sciences
13	Study of Information Behavior of Opportunistic Insiders with Malicious Intent Sinha, Vikas 05 1900 (has links) Enterprises have focused on mechanisms to track insiders who may intentionally exceed and misuse their authorized access. However, there is an opportunity to understand why a trusted individual would want to exploit the trust and seek information with the intent of a malicious outcome. The detection of insider rogue or nefarious activities with information to which a user is already authorized is extremely difficult. Such insider threats require more deliberation than just considering it to be a problem that can be mitigated only by software or hardware enhancements. This research expects to help gain an early understanding of antecedents to such information behavior and provide an opportunity to develop approaches to address relevant character traits which could lead to a higher propensity of information misuse. This research proposes a theoretical framework and a conceptual research model to understand the antecedent factors to opportunistic information-seeking behavior of individuals. The study follows the three-essay format. Essay 1 explores the scholarly literature published about insider behavior to understand information behavior and proposes the theoretical framework for the study. PRISMA methodology was used for the thematic literature review. Essay 2 is a quantitative study of 424 university students surveyed using an online instrument for their responses to various scenarios in the context of academic dishonesty. Academic dishonesty is proposed as a proxy for information misuse. Essay 3 is a qualitative study engaging senior executives from various industries to understand their perspectives on the behavioral characteristics of individuals as they try to protect their corporate information from being misused and protect their reputation and liability from malicious use of their information. Malicious Information Behavior Opportunistic Information Behavior Insider Threat Information Security Moral Resiliency Social Resiliency Zero-Trust
14	An Approach to Effectively Identify Insider Attacks within an Organization Doss, Gary 01 January 2012 (has links) The purpose of this research is to identify the factors that influence organizational insiders to violate information security policies. There are numerous accounts of successful malicious activities conducted by employees and internal users of organizations. Researchers and organizations have begun looking at methods to reduce or mitigate the insider threat problem. Few proposed methods and models to identify, deter, and prevent the insider threat are based on empirical data. Additionally, few studies have focused on the targets or goals of the insider with organizational control as a foundation. From a target perspective, an organization might be able to control the outcome of a malicious insider threat attack. This research applied a criminology lens as an organization policy violation is, or resembles, a criminal activity. This research uses the Routine Activities Theory (RAT) as a guide to develop a theoretical model. The adoption of RAT was for its focus on the target and the protective controls, while still taking into account the motivated offender. The study identified the components of the model concerning insider threats, espionage, and illicit behavior related to information systems through literature. This led to the development of 10 hypotheses regarding the relationships of key factors that influence malicious insider activity. Data was collected using a scenario-based survey, which allowed for impartial responses from a third-person perspective. This technique has become popular in the field of criminology, as the effects of social desirability, acceptance, or repudiation will not be a concern. A pilot test verified the survey's ability to collect the appropriate data. The research employed Structural Equation Modeling (SEM) and Confirmatory Factor Analysis (CFA) techniques to analyze and evaluate the data. SEM and CFA techniques identified the fit of the model and the factors that influence information security policy violations. The result of the analysis provided criteria to accept the hypotheses and to identify key factors that influence insider Information System policy violations. This research identified the relationships and the level of influence between each factor. computer security confirmatory factor analysis Insider threat organization security routine activities theory structural equation modeling Computer Sciences
15	Cyber Profiling for Insider Threat Detection Udoeyop, Akaninyene Walter 01 August 2010 (has links) Cyber attacks against companies and organizations can result in high impact losses that include damaged credibility, exposed vulnerability, and financial losses. Until the 21st century, insiders were often overlooked as suspects for these attacks. The 2010 CERT Cyber Security Watch Survey attributes 26 percent of cyber crimes to insiders. Numerous real insider attack scenarios suggest that during, or directly before the attack, the insider begins to behave abnormally. We introduce a method to detect abnormal behavior by profiling users. We utilize the k-means and kernel density estimation algorithms to learn a user’s normal behavior and establish normal user profiles based on behavioral data. We then compare user behavior against the normal profiles to identify abnormal patterns of behavior. insider threat cyber crime insider cyber security anomaly detection data breach Computer and Systems Architecture Digital Communications and Networking
16	Cyber Profiling for Insider Threat Detection Udoeyop, Akaninyene Walter 01 August 2010 (has links) Cyber attacks against companies and organizations can result in high impact losses that include damaged credibility, exposed vulnerability, and financial losses. Until the 21st century, insiders were often overlooked as suspects for these attacks. The 2010 CERT Cyber Security Watch Survey attributes 26 percent of cyber crimes to insiders. Numerous real insider attack scenarios suggest that during, or directly before the attack, the insider begins to behave abnormally. We introduce a method to detect abnormal behavior by profiling users. We utilize the k-means and kernel density estimation algorithms to learn a user’s normal behavior and establish normal user profiles based on behavioral data. We then compare user behavior against the normal profiles to identify abnormal patterns of behavior. insider threat cyber crime insider cyber security anomaly detection data breach Computer and Systems Architecture Digital Communications and Networking
17	To Spy the Lie. Detecting the Insider Threat of Espionage Bergström, Emma January 2023 (has links) Acts committed by insiders have risen during past years, and there is a need for a better understanding of how preventive measures can be used, not just remedial action after the fact. The current narrative in research when discussing espionage was motive; why someone committed espionage. The aim of this study was to create a theoretical model of a ‘risk individual’ and, with the use of the model, techniques for personality assessment and text analysis, develop an artefact, a self-assessment test, that could be used to assess if a person had a higher risk to commit the act of espionage. Design Science research was chosen as a main methodological approach with supporting methods throughout. A survey was chosen to collect the data and the data was analyzed quantitatively. The artefact is partly based on selfassessment questionnaires and partly on themes identified as necessary when a governmental agency conducted personal security interviews for potential new hires. In order to achieve the research goal, data from 52 individuals were collected and analyzed using various quantitative methods. When applying internal reliability testing to the risk factors proposed by the theoretical model, seven out of the eight factors had good reliability. One factor, stress, performed poorly. This was probably due to the width of the questions asked, from personal to professional stress. This resulted in stress being removed from further testing. The remaining seven factors correlated with each other, apart from one, entitlement. This risk factor correlated with ethical flexibility but not the other six risk factors. In order to test how well the Big Five correlated with risk, the mean of a risk individual was calculated and compared with the five factors of OCEAS. The five factors all correlated negatively with risk, with agreeableness having the highest negative correlation and extroversion having the lowest. Differences could be seen when comparing the ten participants with the highest mean risk score to the ten with the lowest for both the Big Five and the risk factors in the theoretical model. The differences for the Big Five were lower than those for the theoretical model, i.e., both Big Five and the theoretical model work as sorting out higher-risk individuals. However, they worked better together and provided a more profound picture than using just one or the other. The open-text questions were analyzed with the help of wordlists to calculate how the participants used different types of pronouns when writing. One wordlist provided potentially interesting results (the word list for ‘I’), while the others did not. Insider threat insider risk espionage personality traits theoretical model of risk factors personality assessment Computer Sciences Datavetenskap (datalogi)
18	A Multi-Modal Insider Threat Detection and Prevention based on Users' Behaviors Hashem, Yassir 08 1900 (has links) Insider threat is one of the greatest concerns for information security that could cause more significant financial losses and damages than any other attack. However, implementing an efficient detection system is a very challenging task. It has long been recognized that solutions to insider threats are mainly user-centric and several psychological and psychosocial models have been proposed. A user's psychophysiological behavior measures can provide an excellent source of information for detecting user's malicious behaviors and mitigating insider threats. In this dissertation, we propose a multi-modal framework based on the user's psychophysiological measures and computer-based behaviors to distinguish between a user's behaviors during regular activities versus malicious activities. We utilize several psychophysiological measures such as electroencephalogram (EEG), electrocardiogram (ECG), and eye movement and pupil behaviors along with the computer-based behaviors such as the mouse movement dynamics, and keystrokes dynamics to build our framework for detecting malicious insiders. We conduct human subject experiments to capture the psychophysiological measures and the computer-based behaviors for a group of participants while performing several computer-based activities in different scenarios. We analyze the behavioral measures, extract useful features, and evaluate their capability in detecting insider threats. We investigate each measure separately, then we use data fusion techniques to build two modules and a comprehensive multi-modal framework. The first module combines the synchronized EEG and ECG psychophysiological measures, and the second module combines the eye movement and pupil behaviors with the computer-based behaviors to detect the malicious insiders. The multi-modal framework utilizes all the measures and behaviors in one model to achieve better detection accuracy. Our findings demonstrate that psychophysiological measures can reveal valuable knowledge about a user's malicious intent and can be used as an effective indicator in designing insider threat monitoring and detection frameworks. Our work lays out the necessary foundation to establish a new generation of insider threat detection and mitigation mechanisms that are based on a user's involuntary behaviors, such as psychophysiological measures, and learn from the real-time data to determine whether a user is malicious. Computer Science Computer crimes -- Investigation.
19	Virtue Ethics: Examining Influences on the Ethical Commitment of Information System Workers in Trusted Positions Gray, John Max 01 January 2015 (has links) Despite an abundance of research on the problem of insider threats, only limited success has been achieved in preventing trusted insiders from committing security violations. Virtue ethics may be an approach that can be utilized to address this issue. Human factors such as moral considerations impact Information System (IS) design, use, and security; consequently they affect the security posture and culture of an organization. Virtue ethics based concepts have the potential to influence and align the moral values and behavior of information systems workers with those of an organization in order to provide increased protection of IS assets. An individual’s character strengths have been linked to positive personal development, but there has been very little research into how the positive characteristics of virtue ethics, exhibited through the character development of information systems workers, can contribute to improving system security. This research aimed to address this gap by examining factors that affect and shape the ethical perspectives of individuals entrusted with privileged access to information. This study builds upon prior research and theoretical frameworks on institutionalizing ethics into organizations and Information Ethics to propose a new theoretical model which demonstrates the influences on Information Systems Security (ISS) trusted worker ethical behavior within an organization. Components of the research model include ISS virtue ethics based constructs, organizational based internal influences, societal based external influences, and trusted worker ethical behavior. This study used data collected from 395 professionals in an ISS organization to empirically assess the model. Partial Least Squares Structural Equation Modeling was employed to analyze the indicators, constructs, and path relationships. Various statistical tests determined validity and reliability, with mixed but adequate results. All of the relationships between constructs were positive, although some were stronger and more significant. The expectation of the researcher in this study was to better understand the character of individuals who pose an insider threat by validating the proposed model, thereby providing a conceptual analysis of the character traits which influence the ethical behavior of trusted workers and ultimately information system security. Information science Information technology Ethics construct development ethical behavior model information systems security insider threat trusted workers virtue ethics Computer Sciences Computer Security Databases and Information Systems Ethics and Political Philosophy
20	A Privacy-Preserving, Context-Aware, Insider Threat prevention and prediction model (PPCAITPP) Tekle, Solomon Mekonnen 07 1900 (has links) The insider threat problem is extremely challenging to address, as it is committed by insiders who are trusted and authorized to access the information resources of the organization. The problem is further complicated by the multifaceted nature of insiders, as human beings have various motivations and fluctuating behaviours. Additionally, typical monitoring systems may violate the privacy of insiders. Consequently, there is a need to consider a comprehensive approach to mitigate insider threats. This research presents a novel insider threat prevention and prediction model, combining several approaches, techniques and tools from the fields of computer science and criminology. The model is a Privacy- Preserving, Context-Aware, Insider Threat Prevention and Prediction model (PPCAITPP). The model is predicated on the Fraud Diamond (a theory from Criminology) which assumes there must be four elements present in order for a criminal to commit maleficence. The basic elements are pressure (i.e. motive), opportunity, ability (i.e. capability) and rationalization. According to the Fraud Diamond, malicious employees need to have a motive, opportunity and the capability to commit fraud. Additionally, criminals tend to rationalize their malicious actions in order for them to ease their cognitive dissonance towards maleficence. In order to mitigate the insider threat comprehensively, there is a need to consider all the elements of the Fraud Diamond because insider threat crime is also related to elements of the Fraud Diamond similar to crimes committed within the physical landscape. The model intends to act within context, which implies that when the model offers predictions about threats, it also reacts to prevent the threat from becoming a future threat instantaneously. To collect information about insiders for the purposes of prediction, there is a need to collect current information, as the motives and behaviours of humans are transient. Context-aware systems are used in the model to collect current information about insiders related to motive and ability as well as to determine whether insiders exploit any opportunity to commit a crime (i.e. entrapment). Furthermore, they are used to neutralize any rationalizations the insider may have via neutralization mitigation, thus preventing the insider from committing a future crime. However, the model collects private information and involves entrapment that will be deemed unethical. A model that does not preserve the privacy of insiders may cause them to feel they are not trusted, which in turn may affect their productivity in the workplace negatively. Hence, this thesis argues that an insider prediction model must be privacy-preserving in order to prevent further cybercrime. The model is not intended to be punitive but rather a strategy to prevent current insiders from being tempted to commit a crime in future. The model involves four major components: context awareness, opportunity facilitation, neutralization mitigation and privacy preservation. The model implements a context analyser to collect information related to an insider who may be motivated to commit a crime and his or her ability to implement an attack plan. The context analyser only collects meta-data such as search behaviour, file access, logins, use of keystrokes and linguistic features, excluding the content to preserve the privacy of insiders. The model also employs keystroke and linguistic features based on typing patterns to collect information about any change in an insider’s emotional and stress levels. This is indirectly related to the motivation to commit a cybercrime. Research demonstrates that most of the insiders who have committed a crime have experienced a negative emotion/pressure resulting from dissatisfaction with employment measures such as terminations, transfers without their consent or denial of a wage increase. However, there may also be personal problems such as a divorce. The typing pattern analyser and other resource usage behaviours aid in identifying an insider who may be motivated to commit a cybercrime based on his or her stress levels and emotions as well as the change in resource usage behaviour. The model does not identify the motive itself, but rather identifies those individuals who may be motivated to commit a crime by reviewing their computer-based actions. The model also assesses the capability of insiders to commit a planned attack based on their usage of computer applications and measuring their sophistication in terms of the range of knowledge, depth of knowledge and skill as well as assessing the number of systems errors and warnings generated while using the applications. The model will facilitate an opportunity to commit a crime by using honeypots to determine whether a motivated and capable insider will exploit any opportunity in the organization involving a criminal act. Based on the insider’s reaction to the opportunity presented via a honeypot, the model will deploy an implementation strategy based on neutralization mitigation. Neutralization mitigation is the process of nullifying the rationalizations that the insider may have had for committing the crime. All information about insiders will be anonymized to remove any identifiers for the purpose of preserving the privacy of insiders. The model also intends to identify any new behaviour that may result during the course of implementation. This research contributes to existing scientific knowledge in the insider threat domain and can be used as a point of departure for future researchers in the area. Organizations could use the model as a framework to design and develop a comprehensive security solution for insider threat problems. The model concept can also be integrated into existing information security systems that address the insider threat problem / Information Science / D. Phil. (Information Systems) Insider threat Fraud diamond Context-aware system Information security Privacy preservation 005.8 Computer networks -- Security measures Computer networks -- Access control Data protection Penetration testing (Computer security) Computer crimes Hackers Computer security

Search results