Abstract
Insider threats are among the most critical information security issues in organizations. Because insiders have access to assets and knowledge of the systems, they pose a significant threat to organizations. Distinguishing the behavior of a normal employee from that of an anomalous one is difficult because of its complex nature. It is important to predict the potential for undesired behavior by an employee before a security failure takes place. An employee with a high degree of threat may try to influence colleagues and encourage them to behave improperly, causing an information security breach. Therefore, analyzing the relationships between colleagues and assessing the influence propagation of insider threats play an important role in the information security improvement process. This paper introduces an approach for modeling the relationships between colleagues to estimate the impact propagation of insider threats in organizations. The proposed approach has two main phases. In the first phase, the potential threat level of the organization's employees is evaluated using a questionnaire on the human and organizational factors of information security. In the second phase, the influence propagation of threats is estimated by modeling the employees' relationships. The introduced model is based on a directed graph structure and is parameterized by the employees' threat values obtained from the first phase of the presented approach. We want to investigate how the malicious or unacceptable behavior of an employee may affect the behavior of other employees, and how we can model and evaluate this issue.
Data availability
Data supporting the findings of this study are available in our public GitHub repository [23].
References
AlHogail, A.: Design and validation of information security culture framework. Comput. Hum. Behav. 49, 567–575 (2015)
McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., Pattinson, M.: Individual differences and information security awareness. Comput. Hum. Behav. 69, 151–156 (2017)
Tolah, A., Furnell, S.M., Papadaki, M.: An empirical analysis of the information security culture key factors framework. Comput. Secur. 108, 102354 (2021)
Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., Zwaans, T.: The human aspects of information security questionnaire (HAIS-Q): two further validation studies. Comput. Secur. 66, 40–51 (2017)
Ning, X., Jiang, J.: Defense-in-depth against insider attacks in cyber-physical systems. Internet Things Cyber-Phys. Syst. 2, 203–211 (2022)
Orojloo, H., Azgomi, M.A.: A method for evaluating the consequence propagation of security attacks in cyber–physical systems. Futur. Gener. Comput. Syst. 67, 57–71 (2017)
Humayed, A., Lin, J., Li, F., Luo, B.: Cyber-physical systems security—A survey. IEEE Internet Things J. 4(6), 1802–1831 (2017)
Safa, N.S., Maple, C., Furnell, S., Azad, M.A., Perera, C., Dabbagh, M., Sookhak, M.: Deterrence and prevention-based model to mitigate information security insider threats in organisations. Futur. Gener. Comput. Syst. 97, 587–597 (2019)
Al-Mhiqani, M.N., Ahmad, R., Abidin, Z.Z., Abdulkareem, K.H., Mohammed, M.A., Gupta, D., Shankar, K.: A new intelligent multilayer framework for insider threat detection. Comput. Electr. Eng. 97, 107597 (2022)
Kim, K.N., Yim, M.S., Schneider, E.: A study of insider threat in nuclear security analysis using game theoretic modeling. Ann. Nucl. Energy 108, 301–309 (2017)
Happa, J.: Insider-threat detection using gaussian mixture models and sensitivity profiles. Comput. Secur. 77, 838–859 (2018)
Elmrabit, N., Yang, S.H., Yang, L., Zhou, H.: Insider threat risk prediction based on Bayesian network. Comput. Secur. 96, 101908 (2020)
Alhajjar, E., Bradley, T.: Survival analysis for insider threat: detecting insider threat incidents using survival analysis techniques. Comput. Math. Organ. Theory (2021)
Shamala, P., Ahmad, R., Zolait, A., Sedek, M.: Integrating information quality dimensions into information security risk management (ISRM). J. Inf. Secur. Appl. 36, 1–10 (2017)
Kim, J.Y., Kwon, H.Y.: Threat classification model for security information event management focusing on model efficiency. Comput. Secur. 102789 (2022)
Wiley, A., McCormac, A., Calic, D.: More than the individual: examining the relationship between culture and information security awareness. Comput. Secur. 88, 101640 (2020)
Figueira, P.T., Bravo, C.L., López, J.L.R.: Improving information security risk analysis by including threat-occurrence predictive models. Comput. Secur. 88, 101609 (2020)
Safa, N.S., Von Solms, R.: An information security knowledge sharing model in organizations. Comput. Hum. Behav. 57, 442–451 (2016)
Thangavelu, M., Krishnaswamy, V., Sharma, M.: Impact of comprehensive information security awareness and cognitive characteristics on security incident management–an empirical study. Comput. Secur. 109, 102401 (2021)
Nazareth, D.L., Choi, J.: A system dynamics model for information security management. Inf. Manag. 52(1), 123–134 (2015)
Yoon, K.: A reconciliation among discrete compromise solutions. J Oper. Res. Soc. 38, 277–286 (1987)
Junior, F.R.L., Osiro, L., Carpinetti, L.C.R.: A comparison between Fuzzy AHP and Fuzzy TOPSIS methods to supplier selection. Appl. Soft Comput. 21, 194–209 (2014)
Funding
No funding was received for this research.
Author information
Contributions
All the preparation steps of the article were done by me.
Ethics declarations
Conflict of interest
All of the authors declare that they have no conflict of interest.
About this article
Cite this article
Sepehrzadeh, H. A method for insider threat assessment by modeling the internal employee interactions. Int. J. Inf. Secur. 22, 1385–1393 (2023). https://doi.org/10.1007/s10207-023-00697-9
DOI: https://doi.org/10.1007/s10207-023-00697-9