Software Engineering Institute | Carnegie Mellon University

White Paper

Simulating Insider Cyber-Threat Risks: A Model-Based Case and a Case-Based Model

  • Abstract

    The growing reliance on technological infrastructures has made organizations increasingly vulnerable to threats from trusted employees, former employees, current or former contractors, and clients. Recent research indicates that successful defense from these threats depends on both technical and behavioral controls. In this paper, we report on our work to identify seemingly reasonable organizational actions that may inadvertently lead to increased risk exposure. We also consider how potential internal attackers may be encouraged or discouraged by monitoring the organization’s responses to probes of its security systems.

    Two interwoven work products are presented: a case study that presents a particular type of insider threat (long-term fraud) and a simulation model that supports the case, the underlying dynamic theory, and examination of policy options. The case and model combine to produce a motivating and useful exercise that illustrates the problems of insider cyber-threats. This material has been used in teaching insider threat issues with satisfactory results.
