The insider threat to cybersecurity: how group process and ignorance affect analyst accuracy and promptitude
Kelly, Ryan F.
MetadataShow full item record
The recent increase in high-profile insider cyber exploits indicates that current insider threat analysis (ITA) is insufficient to handle the growing insider threat problem. Well-established academic literature agrees that information overload is a problem ITA must overcome because ITA remains a human-intensive task. Two conceptual strategies to overcome information overload include reducing information and distributing information among additional people to accommodate the load. This dissertation applies attribution theory and process loss theory to test two ITA factors: ignorance and teamwork. A laboratory experiment with a convenience sample of 48 ITA-trained, top secret--cleared participants supported the research. Participants performed ITA with National Insider Threat Task Force training scenarios and applied the adjudicative guidelines for access to classified information. Teamwork conditions resulted in slightly higher accuracy at a significant cost of time, indicating that ITA analysts are best organized in different structures per informational and temporal constraints. However, ignorance level had little effect on ITA analyst accuracy. ITA analysts were substantially more accurate at implication scenarios but slightly better than chance at exoneration scenarios. Lower decision confidence associated with exoneration scenarios indicated that ITA analysts are more likely to guess when presented with an exoneration scenario. Further research involving larger independent samples and temporal constraints is necessary to verify these findings.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Callahan, Christopher J. (Monterey, California: Naval Postgraduate School, 2013-09);Malicious insider activities on military networks can pose a threat to military operations. Early identification of malicious insiders assists in preventing significant damage and reduces the overall insider threat to ...
Sellen, Jeremey J. (Monterey, California: Naval Postgraduate School, 2016-09);Insider threat is a significant problem for both governmental and private organizations. Individuals can do immense harm with their trusted accesses. To combat this threat, organizations have created departments with trained ...
Fisher, David J. (Monterey, California: Naval Postgraduate School, 2015-09);Cyber security experts agree that insider threats are and will continue to be a threat to every organization. These threats come from trusted co-workers who, for one reason or another, betray their organizations and steal ...