Modeling and simulating insider cyber security threats using psychosocial factors
Abstract
Insider threat is rapidly becoming the largest information security problem that organizations
face. The Government and the private sector have made technology adoption their central focus
over the last couple of years. The investment in technology as well as improvement in the
telecommunications infrastructure has led to tremendous growth in Internet usage, but with
insufficient attention being given to securing cyberspace. Because insiders are granted access to internal
systems, it is becoming increasingly hard to protect organizations from malicious insiders. The
typical methods of mitigating insider threat are simply not working, primarily because insider
threat is a people problem and most mitigation strategies are geared towards profiling and
anomaly detection, which are problematic at best. As a result, a new type of model is proposed
here, one that incorporates risk management with human behavioral science.
The new insider threat prediction model focuses on observable influences that affect employees
and identifies employees with increased risk of becoming malicious insiders. This research
details the need for the model, the model's components and how it works. The model is tested
using psychosocial factors as derived from case studies that indicate an individual's
predisposition to malicious activities.
The model's main purpose is the differentiation of malicious and non-malicious employees.
Implemented with the right tool, the new model has great potential for use by security personnel
in their efforts to mitigate insider threat damage. It can also be used by HR personnel in their
desire to monitor and track employee behavior that is likely to lead to harm to organization
systems.
The researcher reviewed literature on insider cyber threats by covering the insider cyber security
threat concept. The concept addressed who an insider is, with emphasis given to trusted
employees with legitimate access. Through literature review, the researcher was able to identify
existing approaches that have been developed to address insider threat issues. Some of the
approaches include Counter-productive Work Behavior (CWB), Schematic Protection Model and
agent-based user profiling model.
The researcher then developed a conceptual framework to guide the study. The Model-Based
Predictive Conceptual Framework comprises a knowledge base of indicators which has
processes ranging from data to observations and finally behaviors. The framework requires data
which is processed to infer observations, while observations are processed to infer indicators and
finally indicators are processed to infer behavior.
The researcher used a hybrid of the system dynamics and agent-based modeling techniques to
simulate insider cyber threats. The psychosocial indicators identified during literature review
were the input variables that were given weights based on their influence on human behavior.
The study underscored the fact that employee disgruntlement was a recurring factor in all the
cases. For example, one's previous behavior had an effect on their current behavior, while
expectations of recognition would affect an individual if they were denied promotion or
some perceived entitlement.
The evaluation of the data collected showed that men contributed approximately 67.65% of the
insider cyber threat cases with women standing at 32.35% of the total sampled data.
From the study, it can be stated that the Insider Threat Prediction Model (ITPM) is a useful tool
for any security practitioner and HR or management personnel for identifying at-risk employees
and taking useful remedial action before the concerning behavior becomes a threat to security.
The research provides a foundation not only for learning behavioral characteristics when hiring
employees but also for continuously monitoring employee behavior in order to stem
possible disgruntlement or other concerning behaviors.
Citation
Master of Science in Computer Science
Publisher
University of Nairobi