Dissertations / Theses on the topic 'Insider threat'

Malicious Insider threats consist of employees, contractors, or business partners who either have current authorized access, or have had authorized access to an organization's critical information and have intentionally misused that access in a manner that compromised the organization. Although incidents initiated by malicious insiders are fewer in number than those initiated by external threats, insider incidents are more costly on average because the threat is already trusted by the organization and often has privileged access to the organization's most sensitive information. In spite of the damage they cause there are indications that the seriousness of insider incidents are underappreciated as threats by management. The purpose of this research was to investigate who constitutes MI threats, why and how they initiate attacks, the extent to which MI activity can be modeled or predicted, and to suggest some risk mitigation strategies. The results reveal that addressing the Malicious Insider threat is much more than just a technical issue. Dealing effectively with the threat involves managing the dynamic interaction between employees, their work environment and work associates, the systems with which they interact, and organizational policies and procedures. Techniques for detecting and mitigating the threat are available and can be effectively applied. Some of the procedural and technical methods include definition of, follow through, and consistent application of corporate, and dealing with adverse events indigenous to the business environment. Other methods include conduct of a comprehensive Malicious Insider risk assessment, selective monitoring of employees in response to behavioral precursors, minimizing unknown access paths, control of the organization's production software baseline, and effective use of peer reporting.

Keywords: Cybersecurity, Professor Paul Pantani, CERT, insider, threat, IDS, SIEMS. FIM, RBAC, ABAC, behavioral, peer, precursors, access, authentication, predictive, analytics, system, dynamics, demographics.

Insider threat by employees in organizations is a problematic issue in today’s fast-paced, internet-driven society. Gone are the days when securing the perimeter of one’s network protected their business. Security threats are now mobile, and employees have the ability to share sensitive business data with hundreds of people instantaneously from mobile devices. While prior research has addressed social networking topics such as trust in relation to information systems, the use of social networking sites, social networking security, and social networking sharing, there is a lack of research in the mindfulness of users who spill sensitive data contained within images posted on social networking sites (SNS). The author seeks to provide an understanding of how non-malicious spillage through images relates to the mindfulness of employees, who are also deemed insiders. Specifically, it explores the relationships between the following variables: mindfulness, proprietary information spillage, and spillage of personally identifiable information (PII). A quasi-experimental study was designed, which was correlational in nature. Individuals were the unit of analysis. A sample population of business managers with SNS accounts were studied. A series of video vignettes were used to measure mindfulness. Surveys were used as a tool to collect and analyze data. There was a positive correlation between non-malicious spillage of sensitive business, both personally identifiable information and proprietary data, and a lack of mindfulness.

The National Infrastructure Advisory Council (NAIC) reports that "...preventing all insider threats is neither possible nor economically feasible..." because the threat is already behind perimeter defenses and often know exactly where vulnerabilities exist within organizations (Cline, 2016). The purpose of this research was to determine the prevalence of malicious and unintentional insider threats. Statistically, the numbers support the idea that insider threats are increasing and occurring more frequently. The true numbers, which only account for the incidents that were reported, may be higher than originally expected. The statistical numbers are likely to much higher because organizations fear reputational damage and client loss. Organizations give reasons such as not enough evidence for conviction or too hard to prove guilt. The result of the paper indicates that companies focus most of their resources on external threats and not the insider threat that is costlier to remediate and considered the most damaging of all threats. The research focuses on malicious and unintentional insider threats and how they are different. A 2018 Crowd Research Partners report found 90% of organizations believe they are vulnerable to insider attacks, while 53% of businesses confirmed they had experienced an insider threat in the past 12 months (Crowd Research Partners, 2017a). The insider threat is hard to manage because an organization not only need worry about their own employees they also must monitor and manage third-party vendors, partners, and contractors. However, with a combination of technical and nontechnical solutions, including an insider threat program, companies can detect, deter, prevent or at least reduce the impacts of insider threats. Abstract The National Infrastructure Advisory Council (NAIC) reports that "...preventing all insider threats is neither possible nor economically feasible..." because the threat is already behind perimeter defenses and often know exactly where vulnerabilities exist within organizations (Cline, 2016). The purpose of this research was to determine the prevalence of malicious and unintentional insider threats. Statistically, the numbers support the idea that insider threats are increasing and occurring more frequently. The true numbers, which only account for the incidents that were reported, may be higher than originally expected. The statistical numbers are likely to much higher because organizations fear reputational damage and client loss. Organizations give reasons such as not enough evidence for conviction or too hard to prove guilt. The result of the paper indicates that companies focus most of their resources on external threats and not the insider threat that is costlier to remediate and considered the most damaging of all threats. The research focuses on malicious and unintentional insider threats and how they are different. A 2018 Crowd Research Partners report found 90% of organizations believe they are vulnerable to insider attacks, while 53% of businesses confirmed they had experienced an insider threat in the past 12 months (Crowd Research Partners, 2017a). The insider threat is hard to manage because an organization not only need worry about their own employees they also must monitor and manage third-party vendors, partners, and contractors. However, with a combination of technical and nontechnical solutions, including an insider threat program, companies can detect, deter, prevent or at least reduce the impacts of insider threats.

Corporations try to defend themselves against outsider threats, but insider threats can be just as devastating. Insiders have an understanding of their organization’s critical assets, physical access to computers, and more privileges than their outside counterparts. This paper will outline three different areas of accessibility issues that insiders can take advantage of in order to leak sensitive information; exfiltration methods, encryption, and corporate considerations of best practices. Data exfiltration focuses on the different techniques that insiders can use to transfer sensitive information. The research outlines how exfiltration has evolved into more sophisticated techniques, but concludes that rudimentary methods associated with external storage devices are still prominently used. Data encryption, if applied properly, can protect sensitive information from unauthorized access, but also creates problems that corporations will have to address. Work productivity can be halted by encryption techniques, causing employees to bypass these systems. Historical cyber attacks show that managing encryption keys are equally important as managing encrypted data, but encryption can still be dismantled through brute force attacks. Corporations will have to make decisions on which best practice methods to choose from in order to defend themselves against insider attacks. Some of these considerations include: risk assessments, employee training, monitoring, password management, data management, and BYOD considerations. Improper utilization of these practices can allow information to be stolen by insiders, but if applied properly, can mitigate the accessibility of insiders. Keywords: insider threats; data exfiltration; Cybersecurity; Professor Christopher Riddell; encryption.

Increasingly, organizations are at risk of data breaches due to corporate insider threats. Insiders, in fact, are the biggest threat to corporate data assets and are evading traditional cybersecurity countermeasures. The volume of big data makes insider threat detection more difficult. Conversely big data security analytics (BDSA) enables the detection of anomalous behavior patterns within large datasets in real time, offering organizations potentially a more effective cybersecurity countermeasure for detecting insider threats. However, there was a gap in the literature about what was known about information technology (IT) professionals’ behavioral intentions (BIs) to adopt BDSA. The overarching management question of this study was whether IT professionals’ BIs to adopt BDSA were influenced by perceived usefulness (PU) and perceived ease of use (PEOU). This management question led to the investigation of three research questions: The first was if there was a statistically significant relationship between PU and an IT professional’s BI to adopt BDSA. The second was if there was a statistically significant relationship between PEOU and an IT professional’s BI to adopt BDSA. And, the third was does an IT professional’s PEOU of BDSA influence the PU of BDSA. The study used a quantitative, nonexperimental, research design with the technology acceptance model (TAM) as the theoretical framework. Participants included 110 IT professionals with five or more years of experience in the IT field. A Fast Form Approach to Measuring Technology Acceptance and Other Constructs was used to collect data. The instrument had 12 items that used (a) semantic differential scales that ranged in value from -4 to +4 and (b) bipolar labels to measure the two independent variables, PU and PEOU. Multiple linear regression was used to measure the significance of the relationship between PU and BI, and PEOU and BI. Also measured was the moderating effect of the independent variable, PEOU, on the dependent variable, PU. Finally, multivariate adaptive regression splines (MARS) measured the predictive power of the TAM. The findings of this study indicate a statistically significant relationship between PU and an IT professional’s BI to adopt BDSA and a statistically significant relationship between PEOU and PU. However, there was no statistically significant relationship between PEOU and an IT professional’s BI to adopt BDSA. The MARS analysis indicated the TAM had strong predictive power. The practical implications of this study inform IT practitioners on the importance of technology usefulness. In the case of BDSA, the computational outcome must be reliable and provide value. Also, given the challenges of developing and effectively using BDSA, addressing the issue of ease of use may be important for IT practitioners to adopt and use BDSA. Moreover, as an IT practitioner gains experience with BDSA, the ability to extract value from big data influences PEOU and strengthens its relationship with PU.

The European Court of Justice (ECJ) has long been recognized as a major engine behind the European integration project for its role in passing judgments expanding the powers and scope of the European Community, while member states have consistently reacted negatively to judgments limiting their sovereignty or granting the Community new powers. It is this interplay between the Court and member state interests that cause the ECJ to pose a threat to the future of integration. Using a combined framework of neofunctionalism and rational choice new institutionalism, six landmark cases and the events surrounding them are studied, revealing the motivations behind the Court’s and member states’ actions. From the analysis of these cases is created a set of criteria which can be used to predict when the ECJ will make an activist decision broadening the powers of the Community at the expense of the member states as well as when, and how, member states will respond negatively.