Fariborz Farahmand - Purdue University
Feb 09, 2011
Download: MP4 Video
Watch in your Browser
Watch on YouTube
"Understanding insiders: An analysis of risk-taking behavior *"
There is considerable research being conducted on insider threats directed to developing new technologies. At the same time, existing technology is not being fully utilized because of non-technological issues that pertain to economics and the human dimension. Issues related to how insiders actually behave are critical to ensuring that the best technologies are meeting their intended purpose. In our research, we have investigated accepted models of perceptions of risk and characteristics unique to insider threat, and we have introduced ordinal scales to these models to measure insider perceptions of risk. We have also investigated decision theories, leading to a conclusion that prospect theory, developed by Tversky and Kahneman, may be used to describe the risk-taking behavior of insiders and can be accommodated in our model. Our results indicate that there is an inverse relationship between perceived risk and benefit by insiders and that their behavior cannot be explained well by the models that are based on the traditional methods of engineering risk analysis and expected utility. We discuss the results of validating that model with forty-two senior information security executives from a variety of organizations. We also discuss how the model may be used to identify characteristics of insiders’ perceptions of risk and benefit, their risk-taking behavior and how to frame insider decisions. Finally, we recommend understanding risk of detection and creating a fair working environment to reduce the likelihood of committing criminal acts by insiders.
About the Speaker
Fariborz Farahmand received his Ph.D. in information and computer science from the Georgia Institute of Technology. He is a faculty fellow and a research assistant professor at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. He has received several awards for excellence in scholarship and education, including a fellowship from the Institution for Information Infrastructure Protection (I3P). His research interests are in behavioral economics and its applications in information systems, security and privacy of information systems, vulnerability and risk assessment of information systems, and technology policy.
*For full review of this work please visit: Fariborz Farahmand, Eugene H. Spafford, “Understanding Insiders: An Analysis of Risk- Taking Behavior,” Information Systems
Frontiers, Springer Publications, to appear 2011, 11 pages (Available online at: http://www.springerlink.com/content/t2g2836u1712474w/)
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...