CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Understanding insiders: An analysis of risk-taking behavior *

Fariborz Farahmand - Purdue University

Feb 09, 2011

Size: 442.2MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube


There is considerable research being conducted on insider threats directed to developing new technologies. At the same time, existing technology is not being fully utilized because of non-technological issues that pertain to economics and the human dimension. Issues related to how insiders actually behave are critical to ensuring that the best technologies are meeting their intended purpose. In our research, we have investigated accepted models of perceptions of risk and characteristics unique to insider threat, and we have introduced ordinal scales to these models to measure insider perceptions of risk. We have also investigated decision theories, leading to a conclusion that prospect theory, developed by Tversky and Kahneman, may be used to describe the risk-taking behavior of insiders and can be accommodated in our model. Our results indicate that there is an inverse relationship between perceived risk and benefit by insiders and that their behavior cannot be explained well by the models that are based on the traditional methods of engineering risk analysis and expected utility. We discuss the results of validating that model with forty-two senior information security executives from a variety of organizations. We also discuss how the model may be used to identify characteristics of insiders’ perceptions of risk and benefit, their risk-taking behavior and how to frame insider decisions. Finally, we recommend understanding risk of detection and creating a fair working environment to reduce the likelihood of committing criminal acts by insiders.

About the Speaker

Fariborz Farahmand received his Ph.D. in information and computer science from the Georgia Institute of Technology. He is a faculty fellow and a research assistant professor at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. He has received several awards for excellence in scholarship and education, including a fellowship from the Institution for Information Infrastructure Protection (I3P). His research interests are in behavioral economics and its applications in information systems, security and privacy of information systems, vulnerability and risk assessment of information systems, and technology policy.

*For full review of this work please visit: Fariborz Farahmand, Eugene H. Spafford, “Understanding Insiders: An Analysis of Risk- Taking Behavior,” Information Systems
Frontiers, Springer Publications, to appear 2011, 11 pages (Available online at: http://www.springerlink.com/content/t2g2836u1712474w/)

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.