Abstract
Tracing the relationship between pathological personality traits and insider cyber sabotage.
- Band, S.R., Cappelli, D.M., Fischer, L.F., Moore, A.P., Shaw, E.D. and Trzeciak, R.F. Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis. Technical Report #CMU/SEI-2006-TR-026. Carnegie Mellon University Software Engineering Institute Pittsburgh, PA.Google Scholar
- Barrick, M.R. and Mount, M.K. The big five personality dimensions and job performance: A meta-analysis. Personnel Psychology 44, 1 (1991), 1--26.Google ScholarCross Ref
- Bradfield, M. and Aquino, K. 1999. The effects of blame attributions and offender likableness on forgiveness and revenge in the workplace. J. Management 25, 5 (1999), 607--631.Google Scholar
- Cappelli, D. An unaddressed threat to critical infrastructure and national security: Insider cyber sabotage. 2018; https://bit.ly/2CpdphW.Google Scholar
- Clark, J.W. Threat from within: Case studies of insiders who committed information technology sabotage. In Proceedings of the 11th Intern. Conf. Availability, Reliability and Security (Salzburg, Austria, Aug. 2016), 414--422.Google ScholarCross Ref
- CNBC. Elon Musk emails employees about "extensive and damaging sabotage" by employee. 2018; https://cnb.cx/2YnYgGr.Google Scholar
- Greitzer, F.L., Frincke, D.A. and Zabriskie, M. Social/ethical issues in predictive insider threat monitoring. Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives. Information Science Reference, 2010, 132--161.Google Scholar
- Greitzer, F.L., Purl, J., Becker, D.E. (Sunny), Stitcha, P.J. and Leong, Y.M. Modeling expert judgments of insider threat using ontology structure: Effects of individual indicator threat value and class membership. In Proceedings of the 52nd Hawaii Intern. Conf. System Sciences (Maui, HI, USA, 2019), 3202--3211.Google ScholarCross Ref
- Greitzer, F.L., Purl, J., Leong, Y.M. and Sticha, P.J. Positioning your organization to respond to insider threats. IEEE Engineering Management Review 47, 2 (Jun. 2019), 75--83.Google ScholarCross Ref
- Harrison, A., Summers, J. and Mennecke, B. The effects of the dark triad on unethical behavior. J. Business Ethics 153, 1 (Nov. 2018), 53--77.Google ScholarCross Ref
- Jones, D.N. and Paulhus, D.L. Introducing the short dark triad (SD3): A brief measure of dark personality traits. Assessment 21, 1 (2014), 28--41.Google ScholarCross Ref
- Kiser, A.I.T., Porter, T. and Vequist, D. Employee monitoring and ethics: Can they co-exist? Intern. J. Digital Literacy and Digital Competence 1, 4 (Oct. 2010), 30--45.Google ScholarCross Ref
- Liang, N., Biros, D.P. and Luse, A. An Empirical Validation of Malicious Insider Characteristics. J. Management Information Systems 33, 2 (Apr. 2016), 361--392.Google Scholar
- Montealegre, R. and Cascio, W.F. Technology-driven changes in work and employment. Commun. ACM 60, 12 (Nov. 2017), 60--67.Google ScholarDigital Library
- Paulhus, D.L. and Williams, K.M. The dark triad of personality: Narcissism, Machiavellianism, and psychopathy. J. Research in personality 36, 6 (2002), 556--563.Google Scholar
- Sanders, G.L., Upadhyaya, S. and Wang, X. Inside the Insider. IEEE Engineering Management Review. 47, 2 (Jun. 2019), 84--91.Google Scholar
- Schultz, E.E. A Framework for understanding and predicting insider attacks. Computers & Security 21, 6 (2002), 526--531.Google ScholarDigital Library
- Shaw, E. and Sellers, L. Application of the critical-path method to evaluate insider risks. Internal Security and Counterintelligence 59, 2 (2015), 1--8.Google Scholar
- Shaw, E.D., Post, J.M. and Ruby, K.G. Inside the mind of the insider. Security Management 43, 12 (Dec. 1999), 34--44.Google Scholar
- Software Engineering Institute. The CERT Insider Threat Center. Common Sense Guide to Mitigating Insider Threats, Fifth Edition. Technical Report #CMU/SEI-2015-TR-010. SEI, Carnegie Mellon University.Google Scholar
- Torres, N. It's better to avoid a toxic employee than hire a superstar. Harvard Business Review, 2016.Google Scholar
- Veselka, L., Schermer, J.A. and Vernon, P.A. The dark triad and an expanded framework of personality. Personality and Individual Differences 53, 4 (Sep. 2012), 417--425.Google ScholarCross Ref
- Wilder, D.U.M. The psychology of espionage and leaking in the digital age. Studies in Intelligence 61, 2 (2017), 1--36.Google Scholar
- Willison, R. and Warkentin, M. 2013. Beyond deterrence: An expanded view of employee computer abuse. MIS Q. 37, 1 (2013), 1--20.Google ScholarDigital Library
- Wu, J. and Lebreton, J.M. Reconsidering the dispositional basis of counterproductive work behavior: The role of aberrant personality. Personnel Psychology 64, 3 (Sep. 2011), 593--626.Google ScholarCross Ref
Index Terms
- The dark triad and insider threats in cyber security
Recommendations
Insider Threats: It's the HUMAN, Stupid!
NCS '19: Proceedings of the Northwest Cybersecurity SymposiumInsider threats refer to threats posed by individuals who intentionally or unintentionally destroy, exfiltrate, or leak sensitive information, or expose their organization to outside attacks. Surveys of organizations in government and industry ...
Secure Team Composition to Thwart Insider Threats and Cyber-Espionage
Special Issue on Pricing and Incentives in Networks and Systems and Regular PapersWe develop a formal nondeterministic game model for secure team composition to counter cyber-espionage and to protect organizational secrets against an attacker who tries to sidestep technical security mechanisms by offering a bribe to a project team ...
Comments