Combating the insider cyber threat

IEEE Security and Privacy

Volumn 6, Issue 1, 2008, Pages 61-64

  Greitzer, Frank L ^a   Moore, Andrew P ^b   Cappelli, Dawn M ^b   Andrews, Dee H ^c   Carroll, Lynn A ^d   Hull, Thomas D ^e  

^a PACIFIC NORTHWEST NATIONAL LABORATORY   (United States)

^b Software Engineering Institute

^c AIR FORCE RESEARCH LABORATORY   (United States)

^d Karta Technologies

^e OAK RIDGE INSTITUTE FOR SCIENCE AND EDUCATION   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER-BASED TRAINING SYSTEMS; POTENTIAL RISKS;

ADAPTIVE SYSTEMS; COGNITIVE SYSTEMS; PERSONNEL TRAINING; SOCIETIES AND INSTITUTIONS;

COMPUTER CRIME;

EID: 38949103680     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2008.8     Document Type: Article

References (12)

1. DoD Office of the Inspector General, DoD Management of Information Assurance Efforts to Protect Automated Information Systems, tech. report no. PO 97-049, US Dept. of Defense, Sept. 1997.
2. P.E. Doolittle and W.G. Camp, "Constructivism: The Career and Technical Education Perspective," J. Vocational and Technical Education, vol. 16, no. 1, 1999; http://scholar.lib.vt.edu/ejouruals/JVTE/ v16n1/doolittle.html.
3. F.L. Greitzer, D.J. Pond, and M. Jannotta, "Scenario-Based Training on Human Errors Contributing to Security Incidents," Proc. Interservice/Industry Training, Simulation, and Education Conf. (I/IT-SEC 04), 2004; http://ntsa.metapress.com/app/home/contribution.asp?referrer= parent&backto=issue,130,174;journal,4,8;linkingpublicatiouresults,1:113340, 1.
4. F.L. Greitzer et al., "Learning to Pull the Thread: Application of Guided-Discovery Principles to the Inquiry Process," Proc. Interservice/Industry Training, Simulation, and Education Conf. (I/ ITSEC 05), 2005;www.simsysinc.com/IITSEC/ED2005.htm#_Toc118714554.
5. F.L. Greitzer, O.A. Kuchar, and K. Huston, "Cognitive Science Implications for Enhancing Training Effectiveness in a Serious Gaming Context," ACM J. Educational Resources in Computing, vol. 7, no. 3, Article 2, August 2007; http://portal.acm.org/citation.cfm?id=1281320. 1281322&coll=&dl=ACM&idx=J814&part=journal&WantType= Journals&-title= Journal%20ou%20Educational%20Resources%20in%20Computing%20(JERIC).
6. F.L. Greitzer et al., Predictive Adaptive Classification Model for Analysis and Notification: Internal Threat, tech. report PNNL-16713, Pacific Northwest National Lab., 2007.
7. M. Keeney et al., Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors, tech. report, U.S. Secret Service and Carnegie Mellon Univ., Software Eng. Inst., 2005; www.secretservice.gov/ntac/ its_report_050516.pdf.
8. M.R. Randazzo et al., Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, tech. report no. CME/SEI-2004-TR-021, Carnegie Mellon Univ., Software Eng. Inst., 2004; www.sei.cmu.edu/publications/ documents/04.reports/04tr021.html.
9. A.P. Moore et al., "An Experience Using System Dynamics Modeling to Facilitate an Insider Threat Workshop," Proc. 25th Conf. System Dynamics Soc., The System Dynamics Society, 2007; www.cert.org/archive/pdf/ISDC2007. pdf.
10. S.R. Band et al., Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis, tech. report CMU/SEI-2006-TR-026, Carnegie-Mellon Univ., Software Eng. Inst., 2006.
11. D.M. Cappelli, A.P. Moore, and T.J. Shimeall, Common Sense Guide to Prevention/Detection of Insider Threats, tech. report, Carnegie Mellon Univ., CyLab and the Internet Security Alliance, July 2006; www.cert.org/ archive/pdf/CommonSenseInsiderThreatsV2.1-1-070118.pdf.
12. D. Cappelli et al., "Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System Sabotage," Proc. 24th Conf. System Dynamics Soc., The System Dynamics Society, 2006; www.cert.org/archive/pdf/merit.pdf.