Managing the weakest link: A game-theoretic approach for the mitigation of insider threats

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 8134 LNCS, Issue , 2013, Pages 273-290

  Laszka, Aron ^a,b   Johnson, Benjamin ^a,c   Schöttle, Pascal ^a,d   Grossklags, Jens ^a   Böhme, Rainer ^d  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

^b BUDAPEST UNIVERSITY OF TECHNOLOGY AND ECONOMICS   (Hungary)

^c UNIVERSITY OF CALIFORNIA   (United States)

^d UNIVERSITY OF MÜNSTER   (Germany)

Author keywords

Access Control; Computer Security; Cyberespionage; Game Theory; Insider Threats

Indexed keywords

CYBERESPIONAGE; GAME-THEORETIC; INSIDER THREAT; NON-ZERO PROBABILITY; PROJECT MANAGERS; STOCHASTIC GAME; TEAM COMPOSITION; WEAKEST LINKS;

ACCESS CONTROL; GAME THEORY; HUMAN RESOURCE MANAGEMENT; RANDOM VARIABLES; SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 84884766446     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-40203-6_16     Document Type: Conference Paper

References (19)

1. Anderson, R.: Security engineering - A guide to building dependable distributed systems, 2nd edn. Wiley (2008)
2. Anderson, R., Barton, C., Böhme, R., Clayton, R., van Eeten, M., Levi, M., Moore, T., Savage, S.: Measuring the cost of cybercrime. In: WEIS (2012)
3. Band, S., Cappelli, D., Fischer, L., Moore, A., Shaw, E., Trzeciak, R.: Comparing insider IT sabotage and espionage: A model-based analysis. Technical Report CMU/SEI-2006-TR-026, Carnegie Mellon University (2006)
4. Bontis, N.: Assessing knowledge assets: A review of the models used to measure intellectual capital. International Journal of Management Reviews 3(1), 41-60 (2001)
5. Colwill, C.: Human factors in information security: The insider threat - Who can you trust these days? Information Security Technical Report 14(4), 186-196 (2009)
6. Corporate Trust (Business Risk & Crisis Mgmt. GmbH). Studie: Industriespionage 2012 - Aktuelle Risiken für die deutsche Wirtschaft durch Cyberwar (2012)
7. D'Arcy, J., Hovav, A., Galletta, D.: User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research 20(1), 79-98 (2009)
8. FBI. The insider threat (April 2013), http://www.fbi.gov/about-us/ investigate/counterintelligence/insider-threat-brochure
9. Federal Bureau of Investigation. Economic espionage, http://www.fbi.gov/ about-us/investigate/counterintelligence/economic-espionage
10. Finn, P.: Chinese citizen sentenced in military data-theft case. Washington Post (March 2013)
11. Johnson, B., Schöttle, P., Böhme, R.: Where to hide the bits? In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 1-17. Springer, Heidelberg (2012)
12. Liu, D., Wang, X.F., Jean Camp, L.: Game theoretic modeling and analysis of insider threats. International Journal of Critical Infrastructure Protection 1, 75-80 (2008)
13. Moore, A., Cappelli, D., Caron, T., Shaw, E., Spooner, D., Trzeciak, R.: A preliminary model of insider theft of intellectual property. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 2(1), 28-49 (2011)
14. Munshi, A., Dell, P., Armstrong, H.: Insider threat behavior factors: A comparison of theory with reported incidents. In: IEEE HICSS 2012, pp. 2402-2411 (2012)
15. Nelder, J., Mead, R.: A simplex method for function minimization. Computer Journal 7, 308-313 (1965)
16. Randazzo, M., Keeney, M., Kowalski, E., Cappelli, D., Moore, A.: Insider threat study: Illicit cyber activity in the banking and finance sector. Technical Report CMU/SEI-2004-TR-021, Carnegie Mellon University (June 2005)
17. Ronde, T.: Trade secrets and information sharing. Journal of Economics and Management Strategy 10, 391-417 (2001)
18. Saltzer, J., Schroeder, M.: The protection of information in computer systems. Proceedings of the IEEE 63(9), 1278-1308 (1975)
19. Sandhu, R., Samarati, P.: Access control: Principles and practice. IEEE Communications Magazine 32, 40-48 (1994)