Latest COVID-19 Information for Purdue University

The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Fariborz Farahmand - Purdue University

Students: Spring 2022, unless noted otherwise, sessions will be virtual on Zoom.

Understanding insiders: An analysis of risk-taking behavior *

Feb 09, 2011

Download: Video Icon MP4 Video Size: 442.2MB  
Watch on Youtube Watch on YouTube


There is considerable research being conducted on insider threats directed to developing new technologies. At the same time, existing technology is not being fully utilized because of non-technological issues that pertain to economics and the human dimension. Issues related to how insiders actually behave are critical to ensuring that the best technologies are meeting their intended purpose. In our research, we have investigated accepted models of perceptions of risk and characteristics unique to insider threat, and we have introduced ordinal scales to these models to measure insider perceptions of risk. We have also investigated decision theories, leading to a conclusion that prospect theory, developed by Tversky and Kahneman, may be used to describe the risk-taking behavior of insiders and can be accommodated in our model. Our results indicate that there is an inverse relationship between perceived risk and benefit by insiders and that their behavior cannot be explained well by the models that are based on the traditional methods of engineering risk analysis and expected utility. We discuss the results of validating that model with forty-two senior information security executives from a variety of organizations. We also discuss how the model may be used to identify characteristics of insiders’ perceptions of risk and benefit, their risk-taking behavior and how to frame insider decisions. Finally, we recommend understanding risk of detection and creating a fair working environment to reduce the likelihood of committing criminal acts by insiders.

About the Speaker

Fariborz Farahmand received his Ph.D. in information and computer science from the Georgia Institute of Technology. He is a faculty fellow and a research assistant professor at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. He has received several awards for excellence in scholarship and education, including a fellowship from the Institution for Information Infrastructure Protection (I3P). His research interests are in behavioral economics and its applications in information systems, security and privacy of information systems, vulnerability and risk assessment of information systems, and technology policy.

*For full review of this work please visit: Fariborz Farahmand, Eugene H. Spafford, “Understanding Insiders: An Analysis of Risk- Taking Behavior,” Information Systems
Frontiers, Springer Publications, to appear 2011, 11 pages (Available online at:

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!