Insider Threat

The insider threat continues to grow and the need to develop technical solutions to the problem grows as well. But through August of 2014, there has been little original scholarship written about research being conducted in this important area. The half dozen articles cited here are all of the works found in academic literature for the year.

  • Szott, S., "Selfish Insider Attacks In IEEE 802.11s Wireless Mesh Networks," Communications Magazine, IEEE, vol.52, no.6, pp.227,233, June 2014. doi: 10.1109/MCOM.2014.6829968 The IEEE 802.11s amendment for wireless mesh networks does not provide incentives for stations to cooperate and is particularly vulnerable to selfish insider attacks in which a legitimate network participant hopes to increase its QoS at the expense of others. In this tutorial we describe various attacks that can be executed against 802.11s networks and also analyze existing attacks and identify new ones. We also discuss possible countermeasures and detection methods and attempt to quantify the threat of the attacks to determine which of the 802.11s vulnerabilities need to be secured with the highest priority. Keywords: telecommunication security; wireless LAN; wireless mesh networks; IEEE 802.11s wireless mesh networks; selfish insider attacks; Ad hoc networks; IEEE 802.11 Standards; Logic gates; Protocols; Quality of service; Routing; Wireless mesh networks (ID#:14-2356) URL:
  • Flores, D.A, "An Authentication And Auditing Architecture For Enhancing Security On Egovernment Services," eDemocracy & eGovernment (ICEDEG), 2014 First International Conference on , vol., no., pp.73,76, 24-25 April 2014. doi: 10.1109/ICEDEG.2014.6819952 eGovernment deploys governmental information and services for citizens and general society. As the Internet is being used as underlying platform for information exchange, these services are exposed to data tampering and unauthorised access as main threats against citizen privacy. These issues have been usually tackled by applying controls at application level, making authentication stronger and protecting credentials in transit using digital certificates. However, these efforts to enhance security on governmental web sites have been only focused on what malicious users can do from the outside, and not in what insiders can do to alter data straight on the databases. In fact, the lack of security controls at back-end level hinders every effort to find evidence and investigate events related to credential misuse and data tampering. Moreover, even though attackers can be found and prosecuted, there is no evidence and audit trails on the databases to link illegal activities with identities. In this article, a Salting-Based Authentication Module and a Database Intrusion Detection Module are proposed as enhancements to eGovernment security to provide better authentication and auditing controls. 
Keywords: Internet; Web sites; access control; digital signatures; government data processing; information systems; public administration; security of data; Internet platform; auditing control; citizen privacy; data tampering; database intrusion detection module; digital certificates; eGovernment security enhancement; eGovernment services; governmental Web sites; governmental information deployment; salting-based authentication module; unauthorised access; Access control; Authentication; Databases; Intrusion detection; Servers; Web sites; architecture; auditing; authentication; database; eGovernment; intrusion detection; log; salting (ID#:14-2357) URL:
  • Greitzer, F.L.; Strozer, J.; Cohen, S.; Bergey, J.; Cowley, J.; Moore, A; Mundie, D., "Unintentional Insider Threat: Contributing Factors, Observables, and Mitigation Strategies," System Sciences (HICSS), 2014 47th Hawaii International Conference on , vol., no., pp.2025,2034, 6-9 Jan. 2014. doi: 10.1109/HICSS.2014.256 Organizations often suffer harm from individuals who bear them no malice but whose actions unintentionally expose the organizations to risk in some way. This paper examines initial findings from research on such cases, referred to as unintentional insider threat (UIT). The goal of this paper is to inform government and industry stakeholders about the problem and its possible causes and mitigation strategies. As an initial approach to addressing the problem, we developed an operational definition for UIT, reviewed research relevant to possible causes and contributing factors, and provided examples of UIT cases and their frequencies across several categories. We conclude the paper by discussing initial recommendations on mitigation strategies and countermeasures. Keywords: organisational aspects; security of data; UIT; contributing factors; government; industry stakeholders; mitigation strategy; organizations unintentional insider threat; Electronic mail; Human factors; law; Organizations; Security; Stress; Contributing; Definition; Ethical; Factors; Feature; Human; Insider; Legal; Mitigation; Model; Organizational; Observables; Psychosocial; Strategies; Threat; Unintentional; demographic (ID#:14-2358) URL:
  • Yi-Lu Wang; Sang-Chin Yang, "A Method of Evaluation for Insider Threat," Computer, Consumer and Control (IS3C), 2014 International Symposium on, vol., no., pp.438,441, 10-12 June 2014. doi: 10.1109/IS3C.2014.121 Due to cyber security is an important issue of the cloud computing. Insider threat becomes more and more important for cyber security, it is also much more complex issue. But till now, there is no equivalent to a vulnerability scanner for insider threat. We survey and discuss the history of research on insider threat analysis to know system dynamics is the best method to mitigate insider threat from people, process, and technology. In the paper, we present a system dynamics method to model insider threat. We suggest some concludes for future research who are interested in insider threat issue The study. Keywords: cloud computing; security of data; cloud computing; cyber security; insider threat analysis; insider threat evaluation; insider threat mitigation; vulnerability scanner; Analytical models; Computer crime; Computers; Educational institutions; Organizations; Insider threat; System Dynamic (ID#:14-2359) URL:
  • Gritzalis, D.; Stavrou, V.; Kandias, M.; Stergiopoulos, G., "Insider Threat: Enhancing BPM through Social Media," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, vol., no., pp.1,6, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814027 Modern business environments have a constant need to increase their productivity, reduce costs and offer competitive products and services. This can be achieved via modeling their business processes. Yet, even in light of modelling's widespread success, one can argue that it lacks built-in security mechanisms able to detect and fight threats that may manifest throughout the process. Academic research has proposed a variety of different solutions which focus on different kinds of threat. In this paper we focus on insider threat, i.e. insiders participating in an organization's business process, who, depending on their motives, may cause severe harm to the organization. We examine existing security approaches to tackle down the aforementioned threat in enterprise business processes. We discuss their pros and cons and propose a monitoring approach that aims at mitigating the insider threat. This approach enhances business process monitoring tools with information evaluated from Social Media. It examines the online behavior of users and pinpoints potential insiders with critical roles in the organization's processes. We conclude with some observations on the monitoring results (i.e. psychometric evaluations from the social media analysis) concerning privacy violations and argue that deployment of such systems should be only allowed on exceptional cases, such as protecting critical infrastructures.
Keywords: business data processing; organisational aspects; process monitoring; social networking (online); BPM enhancement; built-in security mechanism; business process monitoring tools; cost reduction; enterprise business processes; insider threat; organization business process management; privacy violations; social media; Media; Monitoring; Organizations; Privacy; Security; Unified modeling language (ID#:14-2360) URL:
  • Kajtazi, M.; Bulgurcu, B.; Cavusoglu, H.; Benbasat, I, "Assessing Sunk Cost Effect on Employees' Intentions to Violate Information Security Policies in Organizations," System Sciences (HICSS), 2014 47th Hawaii International Conference on, vol., no., pp.3169,3177, 6-9 Jan. 2014. doi: 10.1109/HICSS.2014.393 It has been widely known that employees pose insider threats to the information and technology resources of an organization. In this paper, we develop a model to explain insiders' intentional violation of the requirements of an information security policy. We propose sunk cost as a mediating factor. We test our research model on data collected from three information-intensive organizations in banking and pharmaceutical industries (n=502). Our results show that sunk cost acts as a mediator between the proposed antecedents of sunk cost (i.e., completion effect and goal incongruency) and intentions to violate the ISP. We discuss the implications of our results for developing theory and for re-designing current security agendas that could help improve compliance behavior in the future. Keywords: organisational aspects; personnel; security of data; ISP; banking; compliance behavior; employees intentions; information security policy; information-intensive organizations; insider intentional violation; mediating factor; pharmaceutical industries; sunk cost effect assessment; technology resources; Educational institutions; Information security; Mathematical model; Organizations; Pharmaceuticals; Reliability; completion effect; goal incongruency; information security violation; insider threats; sunk cost (ID#:14-2361) URL:


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.