Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

System dynamics approach to malicious insider cyber-threat modelling and analysis

Fagade, Tesleem, Albishry, Nabeel, Tryfonas, Theo and Spyridopoulos, Theodoros ORCID: https://orcid.org/0000-0001-7575-9909 2017. System dynamics approach to malicious insider cyber-threat modelling and analysis. Presented at: 5th International Conference on Human Aspects of Information Security, Privacy and Trust, Vancouver, Canada, 9th-14th July 2017. Human Aspects of Information Security, Privacy and Trust. Lecture Notes in Computer Science , vol.10292 Springer, pp. 309-321. 10.1007/978-3-319-58460-7_21

Full text not available from this repository.

Abstract

Enforcing cybersecurity controls against malicious insiders touches upon complex issues like people, process and technology. In large and complex systems, addressing the problem of insider cyber threat involves diverse solutions like compliance, technical and procedural controls. This work applies system dynamics modelling to understand the interrelationships between three distinct indicators of a malicious insider, in order to determine the possibility of a security breach through developing trends and patterns. It combines observable behaviour of actors based on the well-established theory of planned behaviour; technical footprints from incident log information and social network profiling of personality traits, based on the ‘big five’ personality model. Finally, it demonstrates how system dynamics as a risk modelling approach can flag early signs of malicious insider threats by aggregating associative properties of different risk elements. Our initial findings suggest that key challenges to combating insider threats are uncertainty, irregular intervals between malicious activities and exclusion of different personality factors in the design of cyber-security protocols. Based on these insights we propose how this knowledge may help with mitigation controls in a secure environment.

Item Type: Conference or Workshop Item (Paper)
Date Type: Published Online
Status: Published
Schools: Computer Science & Informatics
Publisher: Springer
ISBN: 978-3-319-58460-7
ISSN: 16113349 03029743
Last Modified: 01 Feb 2023 11:30
URI: https://orca.cardiff.ac.uk/id/eprint/153611

Actions (repository staff only)

Edit Item Edit Item