Malicious Insider Threat Detection: A Conceptual Model

Tesleem Fagade; Theo Tryfonas

Malicious Insider Threat Detection: A Conceptual Model

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

610 Downloads (Pure)

Abstract

The advent of Internet technologies, growing number of sophisticated hacking tools and mobile workforce creates a new dimension to the malicious insider problem for many organisations. In spite of the significant interest from researchers and industry experts, trusted employees with elevated access continue to pose insider challenges to organisation risk mitigation efforts. It is suggested that malicious insiders show certain personality traits, leave behind digital footprints and observable cyber risk behaviour in advance of an attack. This work offers a different perspective to address the insider problem by drawing concepts from behavioural theory, personality profiling and digital trails auditing. Instead of isolated treatments, our approach
considers the intersection of different risk domains and aggregates risk scores from each as a predictor of malicious insider activities. This model has significant implication for security professionals, to draw insight from inextricably linked risk domains within the context of cybersecurity management. However, substantial empirical work is still needed to evaluate the model in real world cases.

Original language	English
Title of host publication	Security and Protection of Information 2017 (SPI)
Place of Publication	Brno, Czech Republic
Publisher	University of Defence
Publication status	E-pub ahead of print - 1 Jun 2017
Event	Security and Protection of Information - SPI 2017 - University of Defence, Brno, Czech Republic Duration: 1 Jun 2017 → 2 Jun 2017

Publication series

Name	Security and Protection of Information
Publisher	University of Defence
ISSN (Print)	2336-5587

Conference

Conference	Security and Protection of Information - SPI 2017
Country/Territory	Czech Republic
City	Brno
Period	1/06/17 → 2/06/17

Access to Document

Full-text PDF (accepted author manuscript)
This is the author accepted manuscript (AAM). The final published version (version of record) is available online via SPI at http://spi.unob.cz/papers/spi2015.html. Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 1.01 MB

Handle.net

Persistent link

Cite this

@inproceedings{3b468f8d46c6487eae509dc03b71a600,

title = "Malicious Insider Threat Detection: A Conceptual Model",

abstract = "The advent of Internet technologies, growing number of sophisticated hacking tools and mobile workforce creates a new dimension to the malicious insider problem for many organisations. In spite of the significant interest from researchers and industry experts, trusted employees with elevated access continue to pose insider challenges to organisation risk mitigation efforts. It is suggested that malicious insiders show certain personality traits, leave behind digital footprints and observable cyber risk behaviour in advance of an attack. This work offers a different perspective to address the insider problem by drawing concepts from behavioural theory, personality profiling and digital trails auditing. Instead of isolated treatments, our approach considers the intersection of different risk domains and aggregates risk scores from each as a predictor of malicious insider activities. This model has significant implication for security professionals, to draw insight from inextricably linked risk domains within the context of cybersecurity management. However, substantial empirical work is still needed to evaluate the model in real world cases. ",

author = "Tesleem Fagade and Theo Tryfonas",

year = "2017",

month = jun,

day = "1",

language = "English",

series = "Security and Protection of Information",

publisher = "University of Defence",

booktitle = "Security and Protection of Information 2017 (SPI)",

address = "Czech Republic",

note = "Security and Protection of Information - SPI 2017 ; Conference date: 01-06-2017 Through 02-06-2017",

}

TY - GEN

T1 - Malicious Insider Threat Detection

T2 - Security and Protection of Information - SPI 2017

AU - Fagade, Tesleem

AU - Tryfonas, Theo

PY - 2017/6/1

Y1 - 2017/6/1

N2 - The advent of Internet technologies, growing number of sophisticated hacking tools and mobile workforce creates a new dimension to the malicious insider problem for many organisations. In spite of the significant interest from researchers and industry experts, trusted employees with elevated access continue to pose insider challenges to organisation risk mitigation efforts. It is suggested that malicious insiders show certain personality traits, leave behind digital footprints and observable cyber risk behaviour in advance of an attack. This work offers a different perspective to address the insider problem by drawing concepts from behavioural theory, personality profiling and digital trails auditing. Instead of isolated treatments, our approach considers the intersection of different risk domains and aggregates risk scores from each as a predictor of malicious insider activities. This model has significant implication for security professionals, to draw insight from inextricably linked risk domains within the context of cybersecurity management. However, substantial empirical work is still needed to evaluate the model in real world cases.

AB - The advent of Internet technologies, growing number of sophisticated hacking tools and mobile workforce creates a new dimension to the malicious insider problem for many organisations. In spite of the significant interest from researchers and industry experts, trusted employees with elevated access continue to pose insider challenges to organisation risk mitigation efforts. It is suggested that malicious insiders show certain personality traits, leave behind digital footprints and observable cyber risk behaviour in advance of an attack. This work offers a different perspective to address the insider problem by drawing concepts from behavioural theory, personality profiling and digital trails auditing. Instead of isolated treatments, our approach considers the intersection of different risk domains and aggregates risk scores from each as a predictor of malicious insider activities. This model has significant implication for security professionals, to draw insight from inextricably linked risk domains within the context of cybersecurity management. However, substantial empirical work is still needed to evaluate the model in real world cases.

M3 - Conference Contribution (Conference Proceeding)

T3 - Security and Protection of Information

BT - Security and Protection of Information 2017 (SPI)

PB - University of Defence

CY - Brno, Czech Republic

Y2 - 1 June 2017 through 2 June 2017

ER -

Malicious Insider Threat Detection: A Conceptual Model

Abstract

Publication series

Conference

Access to Document

Handle.net

Fingerprint

Cite this