More Web Proxy on the site http://driver.im/

research-article

Free access

The dark triad and insider threats in cyber security

Authors:

Michele Maasberg,

Craig Van Slyke,

Nicole BeebeAuthors Info & Claims

Communications of the ACM, Volume 63, Issue 12

Pages 64 - 80

https://doi.org/10.1145/3408864

Published: 17 November 2020 Publication History

All formats PDF

Abstract

Tracing the relationship between pathological personality traits and insider cyber sabotage.

References

[1]

Band, S.R., Cappelli, D.M., Fischer, L.F., Moore, A.P., Shaw, E.D. and Trzeciak, R.F. Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis. Technical Report #CMU/SEI-2006-TR-026. Carnegie Mellon University Software Engineering Institute Pittsburgh, PA.

[2]

Barrick, M.R. and Mount, M.K. The big five personality dimensions and job performance: A meta-analysis. Personnel Psychology 44, 1 (1991), 1--26.

[3]

Bradfield, M. and Aquino, K. 1999. The effects of blame attributions and offender likableness on forgiveness and revenge in the workplace. J. Management 25, 5 (1999), 607--631.

[4]

Cappelli, D. An unaddressed threat to critical infrastructure and national security: Insider cyber sabotage. 2018; https://bit.ly/2CpdphW.

[5]

Clark, J.W. Threat from within: Case studies of insiders who committed information technology sabotage. In Proceedings of the 11^th Intern. Conf. Availability, Reliability and Security (Salzburg, Austria, Aug. 2016), 414--422.

[6]

CNBC. Elon Musk emails employees about "extensive and damaging sabotage" by employee. 2018; https://cnb.cx/2YnYgGr.

[7]

Greitzer, F.L., Frincke, D.A. and Zabriskie, M. Social/ethical issues in predictive insider threat monitoring. Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives. Information Science Reference, 2010, 132--161.

[8]

Greitzer, F.L., Purl, J., Becker, D.E. (Sunny), Stitcha, P.J. and Leong, Y.M. Modeling expert judgments of insider threat using ontology structure: Effects of individual indicator threat value and class membership. In Proceedings of the 52^nd Hawaii Intern. Conf. System Sciences (Maui, HI, USA, 2019), 3202--3211.

[9]

Greitzer, F.L., Purl, J., Leong, Y.M. and Sticha, P.J. Positioning your organization to respond to insider threats. IEEE Engineering Management Review 47, 2 (Jun. 2019), 75--83.

[10]

Harrison, A., Summers, J. and Mennecke, B. The effects of the dark triad on unethical behavior. J. Business Ethics 153, 1 (Nov. 2018), 53--77.

[11]

Jones, D.N. and Paulhus, D.L. Introducing the short dark triad (SD3): A brief measure of dark personality traits. Assessment 21, 1 (2014), 28--41.

[12]

Kiser, A.I.T., Porter, T. and Vequist, D. Employee monitoring and ethics: Can they co-exist? Intern. J. Digital Literacy and Digital Competence 1, 4 (Oct. 2010), 30--45.

[13]

Liang, N., Biros, D.P. and Luse, A. An Empirical Validation of Malicious Insider Characteristics. J. Management Information Systems 33, 2 (Apr. 2016), 361--392.

[14]

Montealegre, R. and Cascio, W.F. Technology-driven changes in work and employment. Commun. ACM 60, 12 (Nov. 2017), 60--67.

Digital Library

[15]

Paulhus, D.L. and Williams, K.M. The dark triad of personality: Narcissism, Machiavellianism, and psychopathy. J. Research in personality 36, 6 (2002), 556--563.

[16]

Sanders, G.L., Upadhyaya, S. and Wang, X. Inside the Insider. IEEE Engineering Management Review. 47, 2 (Jun. 2019), 84--91.

[17]

Schultz, E.E. A Framework for understanding and predicting insider attacks. Computers & Security 21, 6 (2002), 526--531.

Digital Library

[18]

Shaw, E. and Sellers, L. Application of the critical-path method to evaluate insider risks. Internal Security and Counterintelligence 59, 2 (2015), 1--8.

[19]

Shaw, E.D., Post, J.M. and Ruby, K.G. Inside the mind of the insider. Security Management 43, 12 (Dec. 1999), 34--44.

[20]

Software Engineering Institute. The CERT Insider Threat Center. Common Sense Guide to Mitigating Insider Threats, Fifth Edition. Technical Report #CMU/SEI-2015-TR-010. SEI, Carnegie Mellon University.

[21]

Torres, N. It's better to avoid a toxic employee than hire a superstar. Harvard Business Review, 2016.

[22]

Veselka, L., Schermer, J.A. and Vernon, P.A. The dark triad and an expanded framework of personality. Personality and Individual Differences 53, 4 (Sep. 2012), 417--425.

[23]

Wilder, D.U.M. The psychology of espionage and leaking in the digital age. Studies in Intelligence 61, 2 (2017), 1--36.

[24]

Willison, R. and Warkentin, M. 2013. Beyond deterrence: An expanded view of employee computer abuse. MIS Q. 37, 1 (2013), 1--20.

Digital Library

[25]

Wu, J. and Lebreton, J.M. Reconsidering the dispositional basis of counterproductive work behavior: The role of aberrant personality. Personnel Psychology 64, 3 (Sep. 2011), 593--626.

Cited By

Gross W(2025)Insider ThreatsComputer and Information Security Handbook10.1016/B978-0-443-13223-0.00036-9(601-612)Online publication date: 2025
https://doi.org/10.1016/B978-0-443-13223-0.00036-9
قاسم عالعنزى ت(2024)فاعلية برنامج إرشادي في تنمية الوعي بالأمن السيبراني لدى مستخدمي الإنترنت من طلاب المرحلة الثانوية بمنطقة جازانمجلة جامعة الشارقة للعلوم الانسانية والاجتماعية10.36394/jhss/21/3/1921:3Online publication date: 12-Sep-2024
https://doi.org/10.36394/jhss/21/3/19
Padayachee K(2024)An exploration of dark and light triad personality traits towards situational crime prevention and compliant information security behaviourInformation & Computer Security10.1108/ICS-04-2023-0069Online publication date: 1-Jan-2024
https://doi.org/10.1108/ICS-04-2023-0069
Show More Cited By

Index Terms

The dark triad and insider threats in cyber security
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime
      1. Social engineering attacks
  2. Professional topics
    1. Management of computing and information systems
      1. Project and people management

Recommendations

Insider Threats: It's the HUMAN, Stupid!
NCS '19: Proceedings of the Northwest Cybersecurity Symposium

Insider threats refer to threats posed by individuals who intentionally or unintentionally destroy, exfiltrate, or leak sensitive information, or expose their organization to outside attacks. Surveys of organizations in government and industry ...
Insider Threats in Cyber Security
Secure Team Composition to Thwart Insider Threats and Cyber-Espionage
Special Issue on Pricing and Incentives in Networks and Systems and Regular Papers

We develop a formal nondeterministic game model for secure team composition to counter cyber-espionage and to protect organizational secrets against an attacker who tries to sidestep technical security mechanisms by offering a bribe to a project team ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Communications of the ACM

Communications of the ACM Volume 63, Issue 12

December 2020

92 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/3437360

Editor:
Andrew A. Chien
Association for Computing Machinery, New York, NY

Issue’s Table of Contents

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 November 2020

Published in CACM Volume 63, Issue 12

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Popular
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
9,005
Total Downloads

Downloads (Last 12 months)963
Downloads (Last 6 weeks)164

Reflects downloads up to 30 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Gross W(2025)Insider ThreatsComputer and Information Security Handbook10.1016/B978-0-443-13223-0.00036-9(601-612)Online publication date: 2025
https://doi.org/10.1016/B978-0-443-13223-0.00036-9
قاسم عالعنزى ت(2024)فاعلية برنامج إرشادي في تنمية الوعي بالأمن السيبراني لدى مستخدمي الإنترنت من طلاب المرحلة الثانوية بمنطقة جازانمجلة جامعة الشارقة للعلوم الانسانية والاجتماعية10.36394/jhss/21/3/1921:3Online publication date: 12-Sep-2024
https://doi.org/10.36394/jhss/21/3/19
Padayachee K(2024)An exploration of dark and light triad personality traits towards situational crime prevention and compliant information security behaviourInformation & Computer Security10.1108/ICS-04-2023-0069Online publication date: 1-Jan-2024
https://doi.org/10.1108/ICS-04-2023-0069
Renaud KWarkentin MPogrebna Gvan der Schyff K(2024)VISTAInformation and Management10.1016/j.im.2023.10387761:1Online publication date: 14-Mar-2024
https://dl.acm.org/doi/10.1016/j.im.2023.103877
Brilingaitė ABukauskas LDomarkienė IRančelis TAmbrozaitytė LPirta-Dreimane RLugo RKnox B(2024)Towards projection of the individualised risk assessment for the cybersecurity workforceComputer Standards & Interfaces10.1016/j.csi.2024.103962(103962)Online publication date: Dec-2024
https://doi.org/10.1016/j.csi.2024.103962
Prabhaker NBopche GArock M(2024)Generation and deployment of honeytokens in relational databases for cyber deceptionComputers & Security10.1016/j.cose.2024.104032146(104032)Online publication date: Nov-2024
https://doi.org/10.1016/j.cose.2024.104032
Dev MSaha D(2023)Does e-government development moderate the impact of female labor participation on national cybersecurity maturity? An empirical investigationInformation & Computer Security10.1108/ICS-03-2023-004232:1(74-92)Online publication date: 21-Aug-2023
https://doi.org/10.1108/ICS-03-2023-0042
Marbut AHarms P(2023)Fiends and Fools: A Narrative Review and Neo-socioanalytic Perspective on Personality and Insider ThreatsJournal of Business and Psychology10.1007/s10869-023-09885-939:3(679-696)Online publication date: 9-May-2023
https://doi.org/10.1007/s10869-023-09885-9
Ören T(2022)Security of Cyber-Physical-Social Systems: Impact of Simulation-Based Systems Engineering, Artificial Intelligence, Human Involvement, and EthicsAdvances in Computing, Informatics, Networking and Cybersecurity10.1007/978-3-030-87049-2_26(711-732)Online publication date: 3-Mar-2022
https://doi.org/10.1007/978-3-030-87049-2_26
Moustafa ABello AMaurushat A(2021)The Role of User Behaviour in Improving Cyber Security ManagementFrontiers in Psychology10.3389/fpsyg.2021.56101112Online publication date: 18-Jun-2021
https://doi.org/10.3389/fpsyg.2021.561011
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents