Toward a generic model of security in an organizational context: Exploring insider threats to information infrastructure

Proceedings of the Annual Hawaii International Conference on System Sciences

Volumn , Issue , 2008, Pages

  Martinez Moyano, Ignacio J ^a   Samsa, Michael E ^a   Burke, James F ^a   Akcam, Bahadir K ^b  

^a ARGONNE NATIONAL LABORATORY   (United States)

^b STATE UNIVERSITY OF NEW YORK   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

GENERIC MODELLING; INFORMATION SECURITY; SYSTEM SCIENCES;

INFORMATION SERVICES;

EID: 51449110013     PISSN: 15301605     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/HICSS.2008.456     Document Type: Conference Paper

References (40)

1. Andersen, D. F., D. Cappelli, J. J. Gonzalez, M. Mojtahedzadeh, A. Moore, E. Rich, J. M. Sarriegui, T. J. Shimeall, J. Stanton, E. Weaver, and A. Zagonel. "Preliminary System Dynamics Maps of the Insider Cyber-threat Problem". Paper read at the Proceedings of the 22nd International Conference of the System Dynamics Society, Oxford, UK, 2004.
2. Briney, A. The 2001 Information Security Industry Survey 2002 [cited October 20 2002. Available from http://www.infosecuritymag.com/ archives2001.shtml#october2001.
3. Burke, J. F., I. J. Martinez-Moyano, and B. K. Akcam. 2007. Modeling National Security Changes from Military Operations: CT Scan Overview. In 75th Military Operations Research Society Symposium. Annapolis, MD.
4. Bush, B. W., L. R. Dauelsberg, R. J. LeClaire, D. R. Powell, S. M. DeLand, and M. E. Samsa. 2005. Critical Infrastructure Protection Decision Support System (CIPDSS) Project Overview. In Proceedings of the 23rd International Conference of the System Dynamics Society. Boston, MA.
5. Camerer, C., and T.-H. Ho, "Experienced-Weighted Attraction Learning in Normal Games", Econometrica, 67 (4), 1999, pp. 827-874.
6. Cooke, D. L., "A System Dynamics Analysis of the Westray Mine Disaster", System Dynamics Review, 19 (2), 2003, pp. 139-166.
7. Davis, D. W., and B. D. Silver, "Civil Liberties vs. Security: Public Opinion in the Context of the Terrorist Attacks on America", American Journal of Political Science, 48 (1), 2004, pp. 28-46.
8. Dhillon, G., "Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns", Computers and Society, 20 (2), 2001, pp. 165-172.
9. Dhillon, G., and S. Moores, "Computer Crimes: Theorizing about the Enemy Within", Computers and Society, 20 (8), 2001, pp. 715-723.
10. Erev, I., "Signal Detection by Human Observers: A Cutoff Reinforcement Learning Model of Categorization Decisions under Uncertainty", Psychological Review, 105, 1998, pp. 280-298.
11. Erev, I., D. Gopher, R. Itkin, and Y. Greenshpan, "Toward a Generalization of Signal Detection Theory to N-Person Games: The Example of Two-Person Safety Problem", Journal of Mathematical Psychology, 39, 1995, pp. 360-375.
12. Forrester, J. W., Industrial Dynamics, Productivity Press, Cambridge MA, 1961.
13. Gonzalez, J. J., ed. From Modeling to Managing Security: A System Dynamics Approach. Høyskoleforlaget / Norwegian Academic Press. Kristiansand, Norway. 2003.
14. Gonzalez, J. J., and A. Sawicka. "Modeling Instrumental Conditioning - The Behavioral Regulation Approach". Paper read at the 36th Hawaii International Conference on System Sciences (HICSS 36), Big Island, Hawaii, 2003.
15. _. "The Role of Learning and Risk Perception in Compliance". In From Modeling to Managing Security: A System Dynamics Approach, edited by J. J. Gonzalez. Høyskoleforlaget / Norwegian Academic Press. Kristiansand, Norway. 2003.
16. Hammond, K. R., Judgments under Stress, Oxford University Press, New York, NY, 2000.
17. Klayman, J., "Learning from Feedback in Probabilistic Environments", Acta Psychologica, 56, 1984, pp. 81-92.
18. _, "Cue Discovery in Probabilistic Environments: Uncertainty and Experimentation", Learning, Memory, and Cognition, 14 (2), 1988, pp. 317-330.
19. _. "On the How and Why (Not) of Learning from Outcomes". In Human Judgment: The SJT View, edited by B. Brehmer and C. R. B. Joyce. Nort-Holland. Amsterdam. 1988.
20. Kolb, D. A., Experiential Learning: Experience as the Source of Learning and Development, Prentice-Hall, New York, 1984.
21. LeClaire, R. J., and G. O'Reilly. 2005. Leveraging a high fidelity switched network model to inform a SD model of the telecommunications infrastructure. In Proceedings of the 23rd International Conference of the System Dynamics Society. Boston, MA.
22. Martinez-Moyano, I. J., S. H. Conrad, and D. F. Andersen. "An Outcome-based Learning Model to Identify Emerging Threats: Experimental and Simulation Results". Paper read at the 40th Annual Hawaii International Conference on System Sciences (HICSS'07), Hawaii, HI, 2007.
23. Martinez-Moyano, I. J., E. H. Rich, S. H. Conrad, and D. F. Andersen. "Modeling the Emergence of Insider Threat Vulnerabilities". Paper read at the Winter Simulation Conference, Monterrey, CA, 2006.
24. Martinez-Moyano, I. J., E. H. Rich, S. H. Conrad, D. F. Andersen, and T. R. Stewart, "A Behavioral Theory of Insider-Threat Risks: A System Dynamics Approach", Transactions on Modeling and Computer Simulation, Forthcoming, pp. 1-36.
25. Martinez-Moyano, I. J., E. H. Rich, S. H. Conrad, T. Stewart, and D. F. Andersen. 2006. Integrating Judgment and Outcome Decomposition: Exploring Outcome-based Learning Dynamics. In International Conference of the System Dynamics Society. Nijmegen, The Netherlands.
26. Melara, C., J. M. Sarriegui, J. J. Gonzalez, A. Sawicka, and D. L. Cooke. "A System Dynamics Model of an Insider Attack on an Information System". In From Modeling to Managing Security: A System Dynamics Approach, edited by J. J. Gonzalez. Høyskoleforlaget AS - Norwegian Academic Press. Kristiansand, Norway. 2003.
27. Mitnick, K. D., and W. L. Simon, The Art of Deception : Controlling the Human Element of Security, Wiley Publishing, Indianapolis, IN, 2002.
28. Powell, D. R., J. Fair, R. J. LeClaire, L. M. Moore, and D. R. Thompson. 2005. Sensitivity Analysis of an Infectious Disease Model. In Proceedings of the 23rd International Conference of the System Dynamics Society. Boston, MA.
29. Randazzo, M. R., M. Keeney, E. Kowalski, D. Cappelli, and A. Moore. 2004. Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector: CERT and the National Threat Assessment Center.
30. Rich, E., I. J. Martinez-Moyano, S. Conrad, A. P. Moore, D. M. Cappelli, T. J. Shimeall, D. F. Andersen, J. J. Gonzalez, R. J. Ellison, H. F. Lipson, D. A. Mundie, J. M. Sarriegui, A. Sawicka, T. R. Stewart, J. M. Torres, E. A. Weaver, J. Wiik, and A. A. Zagonel. "Simulating Insider Cyber-threat Risks: A Model-based Case and a Case-based Model". Paper read at the International Conference of the System Dynamics Society, Cambridge, MA, 2005.
31. Richardson, G. P., and A. L. Pugh, III, Introduction to System Dynamics Modeling with DYNAMO, Productivity Press, Cambridge MA, 1981.
32. Samsa, M. E., D. R. Powell, R. LeClaire, Y. Chang, P. Klare, I. J. Martinez-Moyano, S. Folga, and S. M. DeLand. 2007. CIPDSS Chemical Threat Capabilities Case Study: Summary Report. In LA-UR-07-2382. Los Alamos, NM: Los Alamos National Laboratory.
33. Schneier, B., Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons, New York, NY, 2000.
34. Schultz, E., "A Framework for Understanding and Predicting Insider Attacks", Computers and Society, 21 (6), 2002, pp. 526-531.
35. Schultz, E., and R. Shumway, Incident Response: A Strategic Guide to Handling System and Network Security Breaches, New Riders, Indianapolis, IN, 2001.
36. Senge, P. M., The Fifth Discipline: The Art and Practice of the Learning Organization. Revised edition, Currency Doubleday, New York, NY, 2006.
37. Sterman, J. D., Business Dynamics: Systems Thinking and Modeling for a Complex World, Irwin McGraw-Hill, Boston MA, 2000.
38. United States House of Representatives, Health Insurance Portability and Accountability Act, United States Government Printing Office, Washington, 2002.
39. United States House of Representatives Committee on Financial Services, The Corporate Accountability, Responsibility, and Transparency Act of 2002, United States Government Printing Office, Washington, 2002.
40. _, Sarbanes-Oxley Act, United States Government Printing Office, Washington, 2002.