The Center for Education and Research in Information Assurance and Security (CERIAS)
The Center for Education and Research inInformation Assurance and Security (CERIAS)
Principal Investigator: Marcus Rogers
The area of insider threat and abuse has received a fair amount of attention in recent years. The core characteristic of the problem stems from the trust relationship that the attacker (insider) has with the victim (business or organization). This breach of trust is further exacerbated by the fact that often persons of trust have a high level of privilege on the systems that they attack.
The current body of research is rather weak when it comes to providing any practical means of solving the problem, other than “motherhood” statements and generic suggestions for security controls. The US Secret Service/Carniege Melon study “Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector” and the “National Infrastructure Advisory Council’s Report on The Insider Threat to Critical Infrastructures : Key Recommendations” provide some interesting observations but do little to assist in developing practical solutions for risk mitigation other than basic detective control suggestions. Technical controls continue to be important, especially when coping with insider attacks and unexpected failures. However, not all insider problems can be solely addressed with IT-based defenses.
The key to effectively dealing with the insider threat is to develop meaningful behavioral risk models that allow for an “early warning system” that identifies individuals who, through a combination of risk characteristics, stressors, and opportunities, are likely candidates to become criminal or dangerous insiders. This early warning system is predicated on understanding human behavior, personal history, operating environment, and intervention to prevent the individual from continuing down the critical path. The social/cognitive/behavioral component is a fertile area for research. In this project, we integrate our expertise in computer deviance, employee disgruntlement/work place safety, and automated psycholinguistic analysis of computer communications (email).
Other PIs: Dr. Eric Shaw
Students: Kathryn Seigfried-Spellar Kelly Cole
Rogers, M. (2010). The Psyche of Cyber Criminals: A psycho-social perspective. In Ghosh & Turrini (Eds.) Cybercrimes: A Multidisciplinary Perspective. Heidelberg, Germany: Springer-Verlag Law Division.