Full Record

New Search | Similar Records

Author
Title Alleviating Insider Threats: Mitigation Strategies and Detection Techniques
URL
Publication Date
Date Accessioned
Degree Level doctoral
University/Publisher University of Arizona
Abstract Insider threats – trusted members of an organization who compromise security – are considered the greatest security threat to organizations. Because of ignorance, negligence, or malicious intent, insider threats may cause security breaches resulting in substantial damages to organizations and even society. This research helps alleviate the insider threat through developing mitigation strategies and detection techniques in three studies. Study 1 examines how security controls – specifically depth-of-authentication and training recency – alleviate non-malicious insider threats through encouraging secure behavior (i.e., compliance with an organization's security policy). I found that `simpler is better' when implementing security controls, the effects of training diminish rapidly, and intentions are poor predictors of actual secure behavior. Extending Study 1's finding on training recency, Study 2 explains how different types of training alleviate non-malicious insider threat activities. I found that just-in-time reminders are more effective than traditional training programs in improving secure behavior, and again that intentions are not an adequate predictor of actual secure behavior. Both Study 1 and Study 2 introduce effective mitigation strategies for alleviating the non-malicious insider threat; however, they have limited utility when an insider threat has malicious intention, or deliberate intentions to damage the organization. To address this limitation, Study 3 conducts research to develop a tool for detecting malicious insider threats. The tool monitors mouse movements during an insider threat screening survey to detect when respondents are being deceptive. I found that mouse movements are diagnostic of deception. Future research directions are discussed to integrate and extend the findings presented in this dissertation to develop a behavioral information security framework for alleviating both the non-malicious and malicious insider threats in organizations.
Subjects/Keywords Information Systems; Insider Threat; Mouse Movements; Passwords; Security; Management; Experiment
Contributors Valacich, Joseph S (advisor); Nunamaker, Jay F., Jr (advisor); Durcikova, Alexandra (committeemember); Hairiri, Salim (committeemember); Nunamaker, Jay F., Jr. (committeemember); Valacich, Joseph S. (committeemember)
Language en
Rights Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
Country of Publication us
Record ID handle:10150/297023
Repository arizona-diss
Date Indexed 2020-04-23
Issued Date 2013-01-01 00:00:00

Sample Search Hits | Sample Images

…research to develop a tool for detecting malicious insider threats. The tool monitors mouse movements during an insider threat screening survey to detect when respondents are being deceptive. I found that mouse movements are diagnostic of deception. Future…

…about insider threat activities. I found that mouse movements are diagnostic of deception. For example, we found differences between how guilty insiders answered key questions (sensitive questions about an insider threat activity) and control…

…Training matters Just-in-time reminders are more effective than training sessions alone in improving actual behavior Mouse movements are diagnostic of insider threats in screening surveys Mouse movements provide information that cannot be derived in…

…8 TABLE OF CONTENTS – Continued APPENDIX F: STUDY 2 INSTRUMENT VALIDATION ...................................................... 126 APPENDIX G: SUMMARY AND EXCERPTS FROM STUDIES THAT HAVE LINKED HAND MOVEMENTS TO COGNITIVE PROCESSES…

…71 Figure 10. Model results ............................................................................................................... 76 Figure 11. Mouse trajectories while making truth/false judgments of statements with different levels of…

…confirmatory factor analysis ............................................................... 126 Table 22. Summary of relevant studies that have linked hand movements to cognitive processes…

.