DOI: 10.1145/2978178.2978185
research-article

Curiosity Killed the Organization: A Psychological Comparison between Malicious and Non-Malicious Insiders and the Insider Threat

Published: 28 September 2016

ABSTRACT

Insider threats remain a significant problem within organizations, especially as industries that rely on technology continue to grow. Traditionally, research has focused on the malicious insider: someone who intentionally seeks to perform a malicious act against the organization that trusts him or her. While this research is important, organizations are more commonly the victims of non-malicious insiders. These are trusted employees who are not seeking to cause harm to their employer; rather, they misuse systems, either intentionally or unintentionally, in a way that results in some harm to the organization. In this paper, we look at both by developing and validating instruments to measure the behavior and circumstances of a malicious insider versus a non-malicious insider. We found that in many respects their psychological profiles are very similar. The results are also consistent with other research on the malicious insider from a personality standpoint. We expand on this and also find that trait negative affect, in both its higher-order dimension and its lower-order dimensions, is highly correlated with insider threat behavior and circumstances. This paper makes four significant contributions: 1) Development and validation of survey instruments designed to measure the insider threat; 2) Comparison of the malicious insider with the non-malicious insider; 3) Inclusion of trait affect as part of the psychological profile of an insider; 4) Inclusion of a measure for financial well-being; and 5) The successful use of survey research to examine the insider threat problem.


Published in

RIIT '16: Proceedings of the 5th Annual Conference on Research in Information Technology
September 2016, 66 pages
ISBN: 9781450344531
DOI: 10.1145/2978178

Copyright © 2016 ACM


Publisher

Association for Computing Machinery, New York, NY, United States


Acceptance Rates

RIIT '16 paper acceptance rate: 9 of 20 submissions, 45%. Overall acceptance rate: 51 of 116 submissions, 44%.
