The insider threat to cybersecurity: how group process and ignorance affect analyst accuracy and promptitude
Kelly, Ryan F.
Gallup, Shelley P.
MetadataShow full item record
The recent increase in high-profile insider cyber exploits indicates that current insider threat analysis (ITA) is insufficient to handle the growing insider threat problem. Well-established academic literature agrees that information overload is a problem ITA must overcome because ITA remains a human-intensive task. Two conceptual strategies to overcome information overload include reducing information and distributing information among additional people to accommodate the load. This dissertation applies attribution theory and process loss theory to test two ITA factors: ignorance and teamwork. A laboratory experiment with a convenience sample of 48 ITA-trained, top secret--cleared participants supported the research. Participants performed ITA with National Insider Threat Task Force training scenarios and applied the adjudicative guidelines for access to classified information. Teamwork conditions resulted in slightly higher accuracy at a significant cost of time, indicating that ITA analysts are best organized in different structures per informational and temporal constraints. However, ignorance level had little effect on ITA analyst accuracy. ITA analysts were substantially more accurate at implication scenarios but slightly better than chance at exoneration scenarios. Lower decision confidence associated with exoneration scenarios indicated that ITA analysts are more likely to guess when presented with an exoneration scenario. Further research involving larger independent samples and temporal constraints is necessary to verify these findings.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Callahan, Christopher J. (Monterey, California: Naval Postgraduate School, 2013);Malicious insider activities on military networks can pose a threat to military operations. Early identification of malicious insiders assists in preventing significant damage and reduces the overall insider threat to ...
Sellen, Jeremey J. (Monterey, California: Naval Postgraduate School, 2016-09);Insider threat is a significant problem for both governmental and private organizations. Individuals can do immense harm with their trusted accesses. To combat this threat, organizations have created departments with trained ...
Humphrey, Adam (Monterey, CA; Naval Postgraduate School, 2019-06);The malicious insider threat is one of the most nefarious of potential cyber security breaches. There have been egregious insider data thefts in the last 10 years within the government. The Unintentional Insider Threat ...