Insiders behaving badly: Addressing bad actors and their actions

IEEE Transactions on Information Forensics and Security

Volumn 5, Issue 1, 2010, Pages 169-179

  Pfleeger, Shari Lawrence ^a   Predd, Joel B ^a   Hunker, Jeffrey ^b   Bulford, Carla ^b  

^a RAND CORPORATION   (United States)

^b Jeffrey Hunker Associates LLC   (United States)

Author keywords

Cyber crime; Cyber security; Insider threat

Indexed keywords

CYBER SECURITY; CYBER-CRIMES; HARD DRIVES; INSIDER THREAT; REAL EXAMPLE;

NETWORK SECURITY; TAXONOMIES;

CRIME;

EID: 77249177144     PISSN: 15566013     EISSN: None     Source Type: Journal    
DOI: 10.1109/TIFS.2009.2039591     Document Type: Article

References (48)

1. Fraud and related activity in connection with access devices 18 U.S. Code Sec. 1029.
2. Fraud and related activity in connection with computers 18 U.S. Code Sec. 1030.
3. Theft of criminal trade secrets 18 U.S. Code, pp. 1831-1839.
4. K. G. Allred, , R. J. Bies, R. J. Lewicki, and B. H. Sheppard, Eds., "Anger driven retaliation: Toward an understanding of impassioned conflict in organizations," in Research on Negotiations in Organizations. Greenwich, CT: JAI Press, 1999, vol.7.
5. "An e-mail chain reaction," N.Y. Times (National Section) Oct. 4, 2007 [Online]. Available: http://www.nytimes.com/2007/10/04/us/04bsecure. html?ref=us
6. R. H. Anderson, Research and development initiatives focused on preventing, detecting, and responding to insider misuse of critical defense information systems: Results of a Three-Day Workshop. RAND, CF-151-OSD, 1999.
7. R. H. Anderson et al., Research on mitigating the insider threat to information systems #2. Proc.Workshop. RAND, CF-163-DARPA, Aug. 2000.
8. K. Aquino, T. M. Tripp, and R. J. Bies, "How employees respond to personal offense: The effects of blame attrribution, victim status, and offender status on revenge and reconciliation in theworkplace," J. Appl. Psychol., vol.86, no.1, pp. 52-59, 2001.
9. Binney v. Banner Therapy Products 631 S.E. 2d 848 (2006), 850 (North Carolina Court of Appeals).
10. M. Bishop, "Panel: The insider problem revisited," in Proc. 2005 New Security Paradigms Workshop, Lake Arrowhead, CA, 2005.
11. M. Bishop, "Position: The insider is relative," in Proc. New Security Paradigms Workshop, 2005 [Online]. Available: http://nob.cs.ucdavis. edu/bishop/papers/2005-nspw-2, Position Paper
12. M. Bishop, D. Gollman, J. Hunker, and C. Probst, Countering Insider Threats [Online]. Available: http://www.dagstuhl.de/de/programm/ kalender/semhp/?semnr=2008302
13. R. C. Brackney and R. H. Anderson, Understanding the Insider Threat: Proc. Mar. 2004 Workshop. RAND, CF-196-ARDA, 2004.
14. J. W. Butts, R. F. Mills, and R. O. Baldwin, "Developing an insider threat model using functional decomposition," in Proc. 2nd Int. Workshop Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-CNS), St. Petersburg, Russia, Sep. 2005.
15. R. Chinchani, A. Iyer, H. Ngo, and S. Upadhyaya, "Towards a theory of insider threat assessment," in Proc. 2005 Int. Conf. Dependable Systems and Networks, Yokohama, Japan, Jun. 28-July 1 2005, pp. 108-117.
16. Computer Crime and Security Survey Computer Security Institute, 2007, pp. 12-13.
17. D. De Cremer, "Unfair treatment and revenge taking: The roles of collective identification and feelings of disappointment," American Psychological Association: Group Dynamics: Theory, Research and Practice, vol.10, no.3, pp. 220-232, 2006.
18. Final Report of the Insider Threat Integrated Process Team. U.S. Department of Defense. Office of the Assistant Secretary of Defense (Command, Control, Communications, and Intelligence), Apr. 24, 2000, DoD Insider Threat Mitigation.
19. EF Cultural Travel BV v. Explorica, Inc. 274 F.3d 577, 582 n. 10 (1st Circ. 2001), .
20. N. Einwechter, Preventing and Detecting Insider Attacks Using IDS 2002 [Online].Available: http://www.security focus.com/infocus/1558
21. M. S. Feldman and B. T. Pentland, "Reconceptualizing organizational routines as a source of flexibility and change," Admin. Sci. Quart., vol.48, no.1, pp. 94-118, Mar. 2003.
22. B. Fenton, "FBI spy who sold out to Russia did megaton damage," The Telegraph Jun. 19, 2001 [Online]. Available: http://www.telegraph. co.uk/news/main.jhtml?xml=/news/2001/02/21/wspy21.xml
23. S. Gaudin, "The Omega Files," Network World Jun. 6, 2000 [Online]. Available: http://www.networkworld.com/research/2000/0626feat. html
24. D. Harper, "Spotlight abuse, save profits," Industrial Distribution, vol.79, pp. 47-51, 1990.
25. R. Hasen, S. Myagmar, A. J. Lee, and W. Yurcik, "Toward a threat model for storage systems," in Proc. 2005 ACM Workshop on Storage Security and Survivability (StorageSS'05), 2005, pp. 94-102, ACM.
26. N. Hu, P. G. Badford, and J. Liu, "Applying role based access control and genetic algorithms to insider threat detection," in Proc. 44th Annual Southeast Regional Conf. (ACM-SE 44),NewYork, 2006, pp. 790-791.
27. D. Keating, "Tax suspects guidance on software left D.C. at risk," Washington Post, p. A01, Jun. 10, 2008.
28. M. Keeney, E. Kowalski, D. Cappelli, A. Moore, T. Shimeall, and S. Rogers, Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors. U.S. Secret Service and CERT Coordination Center/SEI, May 2005.
29. N. Leveson and C. Turner, "An investigation of the Therac-25 accidents," IEEE Computer, vol.26, no.7, pp. 18-41, Jul. 1993.
30. E. Lipton, "Security bulletin problem creates message flood," New York Times (National Section) Oct. 4, 2007 [Online]. Available: http://www. nytimes.com/2007/10/04/us/04bsecure.html?ref=us
31. G. B. Magklaras and S. M. Furnell, "Insider threat prediction tool: Evaluating the probability of IT misuse," Comput. Security, vol.21, no.1, pp. 62-73, 2002.
32. M. J. Martinko and K. L. Zellars, "Toward a theory of workplace violence: A cognitive appraisal perspective," in Dysfunctional Behavior in Organizations: Violent and Deviant Behavior, R. W. Griffin, A. O'Leary-Kelly, and J. M. Collins, Eds. Greenwich, CT: JAI Press, 1998, pp. 1-42.
33. C. Melara, J. M. Sarriegui, J. Gonsalez, A. Sawicka, and D. Cook, "A system dynamic model of an insider attack on an information system," in From Modeling to Managing Security: A System Dynamics Approach, J. J. Gonsalez, Ed. Kristiansand, Norway: Norwegian Academic Press, 2003.
34. P. G. Neumann, "The challenges of insider misuse," in SRI Computer Science Laboratory. Paper Prepared for the Workshop on Preventing, Detecting, and Responding to Malicious Insider Abuse, Santa Monica, Aug. 16-18, 1999, p. 3 [Online]. Available: http://www.csl.sri.com/ users/neumann/pgn- misuse.html, RAND
35. K. Oanh Ha, "Silicon Valley a hotbed of economic espionage?," Oakland Tribune, MEDIANEWS Sep. 29, 2006 [Online]. Available: http://findarticles.com/p/articles/mi-qn4176/is-20060929/ ai-n16764129/pg-1
36. J. S. Park and S. M. Ho, "Composite role-based monitoring (CRBM) for countering insider threats," in Symp. Intelligence and Security Informatics, Tucson, AZ, Jun. 2004.
37. S. Pramanik, V. Sankaranarayanan, and S. Upadhyaya, "Security policies to mitigate insider threat in the document control domain," in Proc. 20th Ann. Security Applications Conf. (ACSAC'04), Tucson, AZ, Dec. 6-10, 2004, pp. 304-313.
38. R. Ramanumam and P. S. Goodman, "Latent errors and adverse organizational consequences: A conceptualization," J. Organization Behavior, vol.24, no.7, pp. 815-831, Nov. 2003, Chichester.
39. M. R. Randazzo, M. Keeney, E. Kowalski, D. Cappelli, and A. Moore, Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector. U.S. Secret Service and CERT Coordination Center, 2004.
40. S. L. Robinson and J. Greenberg, "Employees Behaving Badly: Dimensions, Determinants and Dilemmas in the Study ofWorkplace Deviance," in Trends in Organizational Behavior, C. L. Cooper and D. M. Rousseau, Eds. Hoboken, NJ: Wiley, 1998, vol.5, pp. 1-30.
41. M. Sageman, Understanding Terrorist Networks. : University of Pennsylvania Press, 2004.
42. E. E. Schultz and R. Shumway, Incident Response: A Strategic Guide for System and Network Security Breaches. Indianapolis: New Riders, 2001, p. 189.
43. E. E. Schultz, "A framework for understanding and predicting insider attacks," Comput. Security, vol.21, no.6, pp. 525-531, Oct. 2002.
44. SecureInfo Corp. v. Telos Corp. E. District, VA, 387 F. Suppp. 2d 593, 2005.
45. G. Skinner, S. Han, and E. Chang, "A framework of privacy shield in organizational information systems," in IEEE Computer Society, Proc. Int. Conf. Mobile Businesses (ICMB'05), Sydney, Australia, Jul. 11-13, 2005.
46. A. P. Sloan,My YearsWith General Motors. NewYork:Viking, 1991.
47. United States v. Lan Lee andYuefei Ge. Northern District of California, Case 5:06-cr-00424-JW, Indictment, Jun. 15, 2006.
48. N. Einwechter, Preventing and Detecting Insider Attacks Using IDS. 2002 [Online]. Available: http://www.securityfocus.com/infocus/1558