Dispositional and situational factors: influences on information security policy violations

Insiders represent a major threat to the security of an organization’s information resources. Previous research has explored the role of dispositional and situational factors in promoting compliant behavior, but these factors have not been studied together. In this study, we use a scenario-based factorial survey approach to identify key dispositional and situational factors that lead to information security policy violation intentions. We obtained 317 observations from a diverse sample of insiders. The results of a general linear mixed model indicate that dispositional factors (particularly two personality meta-traits, Stability and Plasticity) serve as moderators of the relationships between perceptions derived from situational factors and intentions to violate information security policy. This study represents the first information security study to identify the existence of these two meta-traits and their influence on information security policy violation intentions. More importantly, this study provides new knowledge of how insiders translate perceptions into intentions based on their unique personality trait mix.     

Insiders Behaving Badly

This column goes beyond previous insider analyses to identify a framework for a taxonomy of insider threats including both malicious and inadvertent actions by insiders that put organizations or their resources at some risk. The framework includes factors reflecting the organization, the individual, the information technology system, and the environment.     

Do I have to learn something new? Mental models and the acceptance of replacement technologies

Few studies in technology acceptance have explicitly addressed the acceptance of replacement technologies, technologies that replace legacy ones that have been in use. This article explores this issue through the theoretical lens of mental models. We contend that accepting replacement technologies entails both mental model maintenance and mental model building: mental model maintenance enables users to apply their knowledge of the legacy technologies, and mental model building helps users acquire new knowledge and reform their understanding to use replacement technologies. Both processes affect user perceptions about replacement technologies, which in turn affect user intentions to use them. In addition, this study explores how perceived compatibility between replacement and legacy technologies affects both mental model processes. A research model was developed and empirically tested with survey data. The results in general support our arguments. Based on the findings, we offer a few suggestions that can promote user acceptance of replacement technologies.     

Human factors in information security: The insider threat – Who can you trust these days?

This paper examines some of the key issues relating to insider threats to information security and the nature of loyalty and betrayal in the context of organisational, cultural factors and changing economic and social factors. It is recognised that insiders pose security risks due to their legitimate access to facilities and information, knowledge of the organisation and the location of valuable assets. Insiders will know how to achieve the greatest impact whilst leaving little evidence. However, organisations may not have employed effective risk management regimes to deal with the speed and scale of change, for example the rise of outsourcing. Outsourcing can lead to the fragmentation of protection barriers and controls and increase the number of people treated as full time employees. Regional and cultural differences will manifest themselves in differing security threat and risk profiles. At the same time, the recession is causing significant individual (and organisational) uncertainty and may prompt an increase in abnormal behaviour in long-term employees and managers – those traditionally most trusted – including members of the security community. In this environment, how can organisations know who to trust and how to maintain this trust?The paper describes a practitioner’s view of the issue and the approaches used by BT to assess and address insider threats and risks. Proactive measures need to be taken to mitigate against insider attacks rather than reactive measures after the event. A key priority is to include a focus on insiders within security risk assessments and compliance regimes. The application of technology alone will not provide solutions. Security controls need to be workable in a variety of environments and designed, implemented and maintained with people’s behaviour in mind. Solutions need to be agile and build and maintain trust and secure relationships over time. This requires a focus on human factors, education and awareness and greater attention on the security ‘aftercare’ of employees and third parties.     

ISMS insider intrusion prevention and detection

A wide variety of different techniques and technologies are potentially applicable for ISMS insider intrusion prevention and detection. In this report we examine three approaches that have not been reviewed in any great detail recently, namely: simulation and modelling, scenario gaming and game theory, and artificial learning technologies. We show how each of these diverse approaches might be applicable to particular corporate scenarios that may eventuate as a result of potential insider intrusions into an ISMS.     

Practical management of malicious insider threat – An enterprise CSIRT perspective

Communication and Information Systems (CIS) now form the primary information store, exchange and data analysis for all modern military and are crucial to command and control. The ubiquitousness of CIS within the military not only means that there is a complete reliance on CIS, but also presents new avenues of attack by malicious insiders. Military sources say that the insider threat is their number one security concern. This paper presents a case study of the technical counter measures and processes used to deter, detect and mitigate malicious insider threats that the author has researched, using non-classified anonymous interview and the analysis of anonymised qualitative field data, within a specific military organisation. It is not the intention of the author that this paper be viewed as an analysis of the “current state of play” of threats and countermeasures that generically exist across all military and defence organisations – rather it presents the technological and organisational processes utilised and challenges encountered at one organisation. A short discussion of the Computer Security Incident Response Team (CSIRT) structure adopted to successfully manage insider and other CIS security threats is presented, followed by a more detailed overview of existing and emerging technical efforts to deter, detect and mitigate such malicious insider threats within the military environment under study. Emphasis will be on the emerging technologies such as anomaly detection using real-time e-discovery, enterprise forensics and profiling users “cyber” behaviour and how these integrate into CSIRT technologies and processes. The technical advantages and challenges that such technologies present within a military alliance will be discussed. The success of such technologies in combating current malicious insider threat environment will be briefly compared with those put forward as challenges in the “Research on mitigating the insider threat to information systems #2” workgroup which took place in 2000 (Anderson et al., 2000.). In closing the author introduce the concept of Stateful Object Use Consequence Analysis as a way of managing the insider threat.     

Insider threat mitigation: preventing unauthorized knowledge acquisition

This paper investigates insider threat in relational database systems. It discusses the problem of inferring unauthorized information by insiders and proposes methods to prevent such threats. The paper defines various types of dependencies as well as constraints on dependencies that may be used by insiders to infer unauthorized information. It introduces the constraint and dependency graph (CDG) that represents dependencies and constraints. In addition, CDG shows the paths that insiders can follow to acquire unauthorized knowledge. Moreover, the paper presents the knowledge graph (KG) that demonstrates the knowledgebase of an insider and the amount of information that the insider has about data items. To predict and prevent insider threat, the paper defines and uses the threat prediction graph (TPG). A TPG shows the threat prediction value (TPV) of each data item in insiders’ KG, where TPV is used to raise an alert when an insider threat occurs. The paper provides solutions to prevent insider threat without limiting the availability of data items. Algorithms, theorems, proofs and experiments are provided to show the soundness, the completeness and the effectiveness of the proposed approaches.     

Investigating the relationship between perceived risks in communication and ICT-enabled communicative behaviors

We examine employees’ perceptions of communication problems in the workplace and their active communication behavioral responses when multiple information communication technologies (ICTs) are available for use. Through the lens of the situational theory of publics, we shed light on how employees adapt to increasing communication demands. We uncovered active technology-mediated behavior such as information gaining, action, and social interaction seeking, and their association with perceived risk (i.e., message, information and action). Findings suggest that technology-mediated communication behaviors are not only enabled by the use of ICTs but behavior also involves appropriate structuring of single and multiple ICTs to manage problems encountered during communication.     

Intrusion detection: Perspectives on the insider threat

A recent FBI survey reported that the average cost of a successful attack by a malicious insider is nearly 50 times greater than the cost of an external attack. Further, it is estimated that over 80% of information security incidents for the past four years are the result of insiders. Intrusion detection systems have traditionally targeted those who attack outside of trusted network boundaries. What is desperately needed are mechanisms that monitor insider activity and detect actions at the host level that may be malicious. This paper presents an overview of innovative approaches to detect malicious insiders who operate inside trusted network boundaries.     

Trust and risk in consumer acceptance of e-services

Consumers’ risk perception and trust are considered among the most important psychological states that influence online behavior. Despite the number of empirical studies that have explored the effects of trust and risk perceptions on consumer acceptance of e-services, the field remains fragmented and the posited research models are contradictory. To address this problem, we examined how trust and risk influence consumer acceptance of e-services through a meta-analysis of 67 studies, followed by tests of competing causal models. The findings confirm that trust and risk are important to e-services acceptance but that trust has a stronger effect size. We found that certain effect sizes were moderated by factors such as the consumer population under study, the type of e-service, and the object of trust under consideration. The data from the meta-analysis best supports the causal logic that positions trust as antecedent to risk perceptions. Risk partially mediates the effects of trust on acceptance.     

一种无监督的窃密攻击及时发现方法

近年来,窃密攻击成为了最严重的网络安全威胁之一.除了恶意软件,人也可以成为窃密攻击的实施主体,尤其是组织或企业的内部人员.由人实施的窃密很少留下明显的异常痕迹,给真实场景中攻击的及时发现和窃密操作的分析还原带来了挑战.提出了一个方法,将每个用户视为独立的主体,通过对比用户当前行为事件与其历史正常行为的偏差检测异常,以会话为单元的检测实现了攻击发现的及时性,采用无监督算法避免了对大量带标签数据的依赖,更能适用于真实场景.对算法检测为异常的会话,进一步提出事件链构建方法,一方面还原具体窃密操作,另一方面通过与窃密攻击模式对比,更精确地判断攻击.在卡内基梅隆大学的CERT内部威胁数据集上进行了实验,结果达到99%以上的准确率,且可以做到无漏报、低误报,证明了方法的有效性和优越性.     

An empirical study of payment technologies,the psychology of consumption,and spending behavior in a retailing context

Our study investigates differences in spending behavior among consumers using three alternative payment technologies: cash, credit cards, and stored value contactless smart cards. We provide a deeper understanding of how different payment mechanisms directly impact consumer spending behavior in a retailing context, their influences on customers’ psychology of consumption, and perceptions of payment technologies. We show that the payment process can do so by significantly affecting the subjective awareness of spending only. In contrast, the source of money can affect perceived payment security only. Both perceived security and convenience have little effect on spending behavior.     

Modeling and evaluating information leakage caused by inferences in supply chains

While information sharing can benefit supply chains significantly, it may also have an adverse effect, namely, information leakage. A limitation common to many existing solutions for preventing information leakage in supply chains is that they rely, either implicitly or explicitly, upon two unrealistic assumptions. First, what information is confidential is well known. Second, confidential information will not be revealed, if only it is not shared, regardless of how much other information is being shared. As we shall show in this paper, those assumptions are not always true due to potential information leakage caused by inferences. Specifically, we propose a conceptual model of such information leakage. The model will enable companies in a supply chain to better understand how their confidential information may be leaked through inferences. On the basis of the proposed conceptual model, we then devise a quantitative approach to evaluating the risk of information leakage caused by inferences when a given amount of information is shared. The quantitative approach will allow companies in a supply chain to measure and consequently mitigate the risk of information leakage. Finally, we discuss a case study to illustrate how the proposed approaches work in practice.     

Detecting Insider Threats: Solutions and Trends

ABSTRACT

Insider threats pose significant challenges to any organization. Many solutions have been proposed in the past to detect insider threats. Unfortunately, given the complexity of the problem and the human factors involved, many solutions which have been proposed face strict constraints and limitations when it comes to the working environment. As a result, many past insider threat solutions have in practice failed in their implementations. In this work, we review some of the recent insider threat detection solutions and explore their benefits and limitations. We also discuss insider threat issues for emerging areas such as cloud computing, virtualization, and social networking.     

Visual Supercomputing: Technologies, Applications and Challenges

If we were to have a Grid infrastructure for visualization, what technologies would be needed to build such an infrastructure, what kind of applications would benefit from it, and what challenges are we facing in order to accomplish this goal? In this survey paper, we make use of the term ‘visual supercomputing’ to encapsulate a subject domain concerning the infrastructural technology for visualization. We consider a broad range of scientific and technological advances in computer graphics and visualization, which are relevant to visual supercomputing. We identify the state‐of‐the‐art technologies that have prepared us for building such an infrastructure. We examine a collection of applications that would benefit enormously from such an infrastructure, and discuss their technical requirements. We propose a set of challenges that may guide our strategic efforts in the coming years.     

基于门禁日志挖掘的内部威胁异常行为分析

门禁系统是保护重要场所安全的重要手段,可以有效防止未授权用户的进入。然而,近年来大量案例表明重要场所的威胁主要来自于具有合法权限的内部人员。针对这个问题,提出基于门禁日志数据挖掘的内部威胁异常行为分析方法。该方法首先利用PrefixSpan算法对正常行为序列进行提取,之后计算待检测序列的序列异常度分数,并根据决策者设定的阈值来找出异常序列。通过真实门禁数据中的实验,验证了本方法可以降低精确匹配在数据较少时带来的高误报率,实现对内部人员异常行为的有效发现,为加强重要场所安全保护提供了新的途径。     

Chameleon: online learning for believable behaviors based on humans imitation in computer games

In some video games, humans and computer programs can play together, each one controlling a virtual humanoid. These computer programs usually aim at replacing missing human players; however, they partially miss their goal, as they can be easily spotted by players as being artificial. Our objective is to find a method to create programs whose behaviors cannot be told apart from players when observed playing the game. We call this kind of behavior a believable behavior. To achieve this goal, we choose models using Markov chains to generate the behaviors by imitation. Such models use probability distributions to find which decision to choose depending on the perceptions of the virtual humanoid. Then, actions are chosen depending on the perceptions and the decision. We propose a new model, called Chameleon , to enhance expressiveness and the associated imitation learning algorithm. We first organize the sensors and motors by semantic refinement and add a focus mechanism in order to improve the believability. Then, we integrate an algorithm to learn the topology of the environment that tries to best represent the use of the environment by the players. Finally, we propose an algorithm to learn parameters of the decision model. Copyright © 2013 John Wiley & Sons, Ltd.     

基于Agent的内部威胁实时检测框架

针对企业信息系统中的内部威胁行为,特别是内部用户的资源滥用行为,提出了一种基于Agent的实时检测框架,通过比较用户身份权限和异常操作行为发现恶意内部威胁行为.该框架有数据采集模块、检测模块、审计模块和响应模块构成.从身份认证、访问控制、操作审计和漏洞检测四个方面对检测系统进行功能说明,并就关键技术给出了详细介绍.应用实例证明该检测框架实现了用户实名登录、行为检测与事后审计,从根本上防止了恶意内部人员获取非法数据并提供响应和干预能力,提高了信息系统的安全性.最后,总结了内部威胁检测技术发展趋势.     

The growth of service and the service of growth: Using system dynamics to understand service quality and capital allocation

This paper discusses how system dynamics can help understand a service company's growth potential as well as its limitations. The model discussed here is being built for a European restaurant chain which grew from nothing to over 200 outlets in less than a decade. The model highlights two conflicting pressures: the need to spend on meeting customer expectations and hence build sales versus the need to meet profit targets from headquarters and thus win the capital to fund expansion. We use the model to study how management policies affect the achievable rate of growth. The issues discussed are relevant to any service based company facing the problem of maintaining and improving service quality against the pressure of performance expectations set by shareholders or corporate owners. We also briefly discuss the benefit of using such models for executive training. The model will be used as a basis for educating the emerging generation of managers who will have to cope with the tensions described in the model.