Original Articles

Detecting Insider Threat via a Cyber-Security Culture Framework

References

  • Ponemon Institute. 2020 cost of insider threats: global report. Ponemon Institute; 2020.
  • Verizon. 2020 data breach investigations report. Verizon; 2020.
  • Tessian. Securing the future of hybrid working. Tessian; 2020.
  • The 2020 state of remote work. Buffer & AngelList; 2020.
  • Gheyas IA, Abdallah AE. Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis. Big Data Anal. 2016;1(6). doi:https://doi.org/10.1186/s41044-016-0006-0.
  • Schulze H. 2020 insider threat survey report. Gurucul; 2020.
  • Luckey D, Stebbins D, Orrie R, Rebhan E, Bhatt SD, Beaghley S. Assessing continuous evaluation approaches for insider threats: how can the security posture of the U.S. Departments and Agencies be improved? Santa Monica (CA): RAND Corporation; 2019. https://www.rand.org/pubs/research_reports/RR2684.html.
  • Ko LL, Divakaran DM, Liau YS, Thing VL. Insider threat detection and its future directions. Int J Secur Netw. 2017;12(3):168–87. doi:https://doi.org/10.1504/IJSN.2017.084391.
  • Cole E, Ring S. Insider threat: protecting the enterprise from sabotage, Spying, and Theft. Rockland (MA): Syngress; 2005.
  • Kim A, Oh J, Ryu J, Lee J, Kwon K, Lee K. SoK: a systematic review of insider threat detection. J Wirel Mob Netw. 2019;10:46–67.
  • Greitzer FL, Purl J, Leong YM, Sticha PJ. Positioning your organization to respond to insider threats. IEEE Eng Manag Rev. 2019;47(2):75–83. doi:https://doi.org/10.1109/EMR.2019.2914612.
  • Tessian. The state of Data Loss Prevention (DLP) 2020. Tessian; 2020.
  • Anderson RH, Brackney R. Understanding the insider threat: proceedings of a March 2004 workshop. Santa Monica (CA): RAND Corporation; 2004. https://www.rand.org/pubs/conf_proceedings/CF196.html.
  • Bishop M. Position: “insider” is relative. Proceedings of the 2005 Workshop on New Security Paradigms; 2005; Lake Arrowhead, California.
  • Greitzer FL, Moore AP, Cappelli DM, Andrews DH, Carroll LA, Hull TD. Combating the insider cyber threat. IEEE Secur Priv. 2008;6(1):61–64. doi:https://doi.org/10.1109/MSP.2008.8.
  • Hunker J, Probst CW. Insiders and insider threats - an overview of definitions and mitigation techniques. J Wirel Mob Netw Ubiquitous Comput Dependable Appl. 2011;2:4–27.
  • Theis M, Trzeciak RF, Costa DL, Moore AP, Miller S, Cassidy T, Claycomb WR. Common sense guide to mitigating insider threats. 6th ed. Pittsburgh (PA): Carnegie Mellon University; 2020.
  • Homoliak I, Toffalini F, Guarnizo J, Elovici Y, Ochoa M. Insight into insiders and IT: a survey of insider threat taxonomies, analysis, modeling, and countermeasures. ACM Comput Surv. 2019;52(2):1–40. doi:https://doi.org/10.1145/3303771.
  • Anderson JP. Computer security threat monitoring and surveillance. Fort Washington (PA): James P Anderson Company; 1980.
  • Salem MB, Hershkop S, Stolfo SJ. A survey of insider attack detection research. In: Stolfo SJ, Bellovin SM, Keromytis AD, Hershkop S, Smith SW, Sinclair S, editors. Insider attack and cyber security. Advances in information security. Vol. 39. Boston (MA): Springer; 2008. p. 69–90. https://doi.org/10.1007/978-0-387-77322-3_5.
  • Bellovin SM. The insider attack problem nature and scope. In: Stolfo SJ, Bellovin SM, Keromytis AD, Hershkop S, Smith SW, Sinclair S, editors. Insider attack and cyber security. Advances in information security. Vol. 39. Boston (MA): Springer; 2008. p. 1–4. https://doi.org/10.1007/978-0-387-77322-3_1.
  • Hayden MV. The insider threat to US government information systems. National Security Telecommunications And Information Systems Security Committee; 1999; Fort Meade.
  • Shaw E, Fischer LF. Ten tales of betrayal: the threat to corporate infrastructure by information technology. Monterey (CA): Defense Personnel Security Research Center; 2005.
  • Myers J, Grimaila MR, Mills RF. Towards insider threat detection using web server logs. Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies; 2009; Oak Ridge Tennessee.
  • Claycomb WR, Nicoll A. Insider threats to cloud computing: directions for new research challenges. IEEE 36th Annual Computer Software and Applications Conference; 2012; Izmir.
  • Bishop M, Gates C. Defining the insider threat. Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead; 2008; Oak Ridge, Tennessee.
  • Magklaras G, Furnell S. Insider threat prediction tool: evaluating the probability of IT misuse. Comput Secur. 2002;21(1):62–73. doi:https://doi.org/10.1016/S0167-4048(02)00109-8.
  • Phyo AH, Furnell S. A detection-oriented classification of insider IT misuse. Third Security Conference; 2004; Las Vegas, Nevada, USA.
  • Cappelli D, Moore A, Trzeciak R. The CERT guide to insider threats: how to prevent, detect, and respond to information technology crimes (Theft, Sabotage, Fraud). Boston (MA): Addison-Wesley Professional; 2012.
  • Kim A, Oh J, Ryu J, Lee K. A review of insider threat detection approaches. IEEE Access. 2020;8:78847–67. doi:https://doi.org/10.1109/ACCESS.2020.2990195.
  • Greitzer FL. Insider threats: it’s the HUMAN, stupid! Proceedings of the Northwest Cybersecurity Symposium; 2019; Richland, WA.
  • Maasberg M, Beebe NL. The enemy within the insider: detecting the insider threat. J Inf Privacy Secur. 2014;10(2):59–70. doi:https://doi.org/10.1080/15536548.2014.924807.
  • Kim A, Oh J, Ryu J, Lee K. A review of insider threat detection approaches with IoT perspective. IEEE Access. 2020;8:78847–67.
  • Greitzer FL, Frincke DA. Combining traditional cyber security audit data with psychosocial data: towards predictive modeling for insider threat mitigation. In: Probst C, Hunker J, Gollmann D, Bishop M, editors. Insider threats in cyber security. Advances in information security. Vol. 49. Boston (MA): Springer; 2010. p. 85–113. https://doi.org/10.1007/978-1-4419-7133-3_5.
  • Ophoff J, Jensen A, Sanderson-Smith J, Porter M, Johnston K. A descriptive literature review and classification of insider threat research. Proceedings of Informing Science & IT Education Conference (InSITE) 2014; 2014; Wollongong.
  • Oladimeji TO, Ayo CK, Adewumi S. Review on insider threat detection techniques. J Phys Conf Ser. 2019;1299:012046.
  • Cappelli D, Moore AP, Randazzo MR, Keeney M, Kowalski E. Insider threat study: illicit cyber activity in the banking and finance sector. Pittsburgh (PA): Software Engineering Institute; 2004.
  • Conway T, Keverline S, Keeney M, Kowalski E, Williams M, Cappelli D, Moore AP, Rogers S, Shimeall TJ. Insider threat study: computer system sabotage in critical infrastructure sectors. Pittsburgh (PA): Software Engineering Institute; 2005.
  • Cummings A, Lewellen T, McIntire D, Moore AP, Trzeciak RF. Insider threat study: illicit cyber activity involving fraud in the U.S. Financial services sector. Pittsburgh (PA): Software Engineering Institute; 2012.
  • Cappelli DM, Desai AG, Moore AP, Shimeall TJ, Weaver EA, Willke BJ. Management and Education of the Risk of Insider Threat (MERIT): system dynamics modeling of computer system sabotage. Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst; 2008.
  • Moore AP, Cappelli DM, Trzeciak RF. The “big picture” of insider IT sabotage across U.S. Critical infrastructures. In: Stolfo SJ, Bellovin SM, Keromytis AD, Hershkop S, Smith SW, Sinclair S, editors. Insider attack and cyber security. Advances in Information Security. Vol. 39. Boston (MA): Springer; 2008. https://doi.org/10.1007/978-0-387-77322-3_3.
  • Andersen D, Cappelli D, Gonzalez J, Mojtahedzadeh M, Moore A, Rich E, Sarriegui J, Shimeall T, Stanton J, Weaver E, et al. Preliminary system dynamics maps of the insider cyber-threat problem. Proceedings of the 22nd International Conference of the System dynamics Society; 2004 July 25–29; Oxford, England.
  • Claycomb WR, Huth CL, Flynn L, McIntire DM, Lewellen TB. Chronological examination of insider threat sabotage: preliminary observations. J Wirel Mob Netw Ubiquitous Comput Dependable Appl. 2012;3:4–20.
  • Costa DL, Collins ML, Perl SJ, Albrethsen MJ, Silowash GJ, Spooner DL. An ontology for insider threat indicators development and applications. CEUR Workshop Proceedings. 1304. 48–53. Proceedings of the Ninth Conference on Semantic Technologies for Intelligence, Defense, and Security (STIDS 2014); 2014 November 18–21, Fairfax VA, USA. http://ceur-ws.org/Vol-1304/.
  • Moore AP, Cappelli D, Caron TC, Shaw ED, Spooner D, Trzeciak RF. A preliminary model of insider theft of intellectual property. Pittsburgh (PA): Software Engineering Institute; 2011.
  • Moore AP, Cappelli D, Caron TC, Shaw ED, Trzeciak RF. Insider theft of intellectual property for business advantage: a preliminary model. Pittsburgh (PA): Software Engineering Institute; 2009.
  • CERT Insider Threat Team. Unintentional insider threats: a foundational study. Pittsburgh (PA): Software Engineering Institute; 2013.
  • Cappelli D, Moore A, Trzeciak R, Shimeall TJ. Common sense guide to prevention and detection of insider threats 3rd edition – Version 3.1. Pittsburgh (PA): Software Engineering Institute; 2008.
  • Band SR, Cappelli D, Fischer LF, Moore AP, Shaw ED, Trzeciak RF. Comparing insider IT sabotage and espionage: a model-based analysis. Pittsburgh (PA): Software Engineering Institute; 2006.
  • Cappelli D, Desai AG, Moore AP, Shimeall TJ, Weaver EA, Willke BJ. Management and Education of the Risk of Insider Threat (MERIT): mitigating the risk of sabotage to employers information, systems, or networks. Pittsburgh (PA): Software Engineering Institute; 2007.
  • Legg P, Moffat N, Nurse JR, Happa J, Agrafiotis I, Goldsmith M, Creese S. Towards a conceptual model and reasoning structure for insider threat detection. J Wirel Mob Netw Ubiquitous Comput Dependable Appl. 2013;4:20–37.
  • Hanley M. Deriving candidate technical controls and indicators of insider attack from socio-technical models and data. Pittsburgh (PA): Software Engineering Institute; 2011.
  • Shaw ED, Stock HV. Behavioral risk indicators of malicious insider theft of intellectual property: misreading the writing on the wall. California: Symantec; 2011.
  • Hanley M, Dean T, Schroeder W, Houy M, Trzeciak RF, Montelibano J. An analysis of technical observations in insider theft of intellectual property cases. Pittsburgh (PA): Software Engineering Institute; 2011.
  • Kennedy KA. Management and mitigation of insider threats. In: Van Hasselt V, Bourke M, editors. Handbook of behavioral criminology. Cham: Springer; 2017. p. 485–99. https://doi.org/10.1007/978-3-319-61625-4_28.
  • Greitzer FL, Strozer J, Cohen S, Bergey J, Cowley J, Moore A, Mundie D. Unintentional insider threat: contributing factors, observables, and mitigation. 47th Hawaii International Conference on System Sciences; 2014; Waikoloa.
  • Hadlington L. The “human factor” in cybersecurity: exploring the accidental insider. In: McAlaney J, Frumkin LA, Benson V, editors. Psychological and behavioral examinations in cyber security. Hershey (PA): IGI Global; 2018. p. 46–63. doi:https://doi.org/10.4018/978-1-5225-4053-3.ch003.
  • Greitzer FL, Kangas LJ, Noonan C, Dalton A. Identifying at-risk employees: a behavioral model for predicting potential insider threats. Richland (WA): Pacific Northwest National Lab; 2010. https://doi.org/10.2172/1000159.
  • Greitzer F, Purl J, Leong YM, Becker DS. SOFIT: sociotechnical and organizational factors for insider threat. 2018 IEEE Security and Privacy Workshops (SPW); 2018; San Francisco.
  • Marcus B, Schuler H. Antecedents of counterproductive behavior at work: a general perspective. J Appl Psychol. 2004;89(4):647–60. doi:https://doi.org/10.1037/0021-9010.89.4.647.
  • Martinko MJ, Gundlach MJ, Douglas SC. Toward an integrative theory of counterproductive workplace behavior: a causal reasoning perspective. Int J Sel Assess. 2002;10(1–2):36–50. doi:https://doi.org/10.1111/1468-2389.00192.
  • Georgiadou A, Mouzakitis S, Bounas K, Askounis D. A cyber-security culture framework for assessing organization readiness. J Comput Inf Syst. 2020;1–11. doi:https://doi.org/10.1080/08874417.2020.1845583.
  • Blais A-R, Weber EU. A Domain-Specific Risk-Taking (DOSPERT) scale for adult populations. Judgm Decis Mak. 2006;1:33–47.
  • Scott SG, Bruce RA. Decision-making style: the development and assessment of a new measure. Educ Psychol Meas. 1995;5(5):818–31. doi:https://doi.org/10.1177/0013164495055005017.
  • Strathman A, Gleicher F, Boninger DS, Edwards S. The consideration of future consequences: weighing immediate and distant outcomes of behavior. J Pers Soc Psychol. 1994;66(4):742–52. doi:https://doi.org/10.1037/0022-3514.66.4.742.
  • Patton JH, Stanford MS, Barratt ES. Factor structure of the Barratt impulsiveness scale. J Clin Psychol. 1995;51(6):768–74. doi:https://doi.org/10.1002/1097-4679(199511)51:6<768::AID-JCLP2270510607>3.0.CO;2-1.
  • Cacioppo JT, Petty RE. The need for cognition. J Pers Soc Psychol. 1982;42(1):116–31. doi:https://doi.org/10.1037/0022-3514.42.1.116.
  • Egelman S, Peer E. Scaling the security wall: developing a Security Behavior Intentions Scale (SeBIS). 33rd Annual ACM Conference on Human Factors in Computing Systems; 2015; Seoul Republic of Korea.
  • Kiser AIT, Porter T, Vequist D. Employee monitoring and ethics: can they co-exist? Int J Digital Literacy Digital Competence. 2010;1(4):30–45. doi:https://doi.org/10.4018/jdldc.2010100104.
  • Greitzer FL, Frincke D, Zabriskie M. Social/ethical issues in predictive insider threat monitoring. In: Dark MJ, editor. Information assurance and security ethics in complex systems: interdisciplinary perspectives. Hershey (PA): IGI Global; 2011. p. 132–61. doi:https://doi.org/10.4018/978-1-61692-245-0.ch007.
  • Energy Shield. Energy Shield; 2019 [accessed 2020 Mar 25]. https://energy-shield.eu/.
