Threat from Within: Case Studies of Insiders Who Committed Information Technology Sabotage
作者: Jason W. Clark
DOI: 10.1109/ARES.2016.78
关键词: Insider threat 、 Computer science 、 Computer security 、 Sample (statistics) 、 Sentence 、 Commit 、 Best practice 、 Problem space 、 Internet privacy 、 Insider 、 Information technology
摘要: In this paper, we investigate insider information technology sabotage. After an analysis of over 1200 cases in our threat corpus, identified 97 sabotage that are found public records. all cases, the has pleaded guilty or was convicted a courtroom. The majority (United States) domestic. We begin by providing introduction to problem space. Next, provide abridged case summary for sample cases. Based on perform answer following research questions: 1) Who insiders commit sabotage? 2) What is motivation behind attacking? 3) technical means were used launch attack? 4) How caught? 5) damage did they cause? 6) sentence receive? Lastly, describe aggregated results and best practices help mitigate type describe.
sci-hub.se 参考文章(16)
Philip A Legg, Nick Moffat, Jason RC Nurse, Jassim Happa, Ioannis Agrafiotis, Michael Goldsmith, Sadie Creese, None, Towards a conceptual model and reasoning structure for insider threat detection Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. ,vol. 4, pp. 20- 37 ,(2013) , 10.22667/JOWUA.2013.12.31.020
Michele Maasberg, John Warren, Nicole L. Beebe, The Dark Side of the Insider: Detecting the Insider Threat through Examination of Dark Triad Personality Traits hawaii international conference on system sciences. pp. 3518- 3526 ,(2015) , 10.1109/HICSS.2015.423
Dawn M. Cappelli, Randall F. Trzeciak, Lynn F. Fischer, Andrew P. Moore, Stephen R. Band, Eric D. Shaw, Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis Carnegie Mellon University. ,(2006) , 10.1184/R1/6572663.V1
Michael D. Crino, Employee Sabotage: A Random or Preventable Phenomenon? Journal of Managerial Issues. ,vol. 6, pp. 311- ,(1994)
Julian Jang-Jaccard, Surya Nepal, None, A survey of emerging threats in cybersecurity Journal of Computer and System Sciences. ,vol. 80, pp. 973- 993 ,(2014) , 10.1016/J.JCSS.2014.02.005
Matt Bishop, Heather M. Conboy, Huong Phan, Borislava I. Simidchieva, George S. Avrunin, Lori A. Clarke, Leon J. Osterweil, Sean Peisert, Insider Threat Identification by Process Analysis ieee symposium on security and privacy. pp. 251- 264 ,(2014) , 10.1109/SPW.2014.40
Robert A. Giacalone, Stephen B. Knouse, Justifying wrongful employee behavior: The role of personality in organizational sabotage Journal of Business Ethics. ,vol. 9, pp. 55- 61 ,(1990) , 10.1007/BF00382564
Frank L. Greitzer, Andrew P. Moore, Dawn M. Cappelli, Dee H. Andrews, Lynn A. Carroll, Thomas D. Hull, Combating the Insider Cyber Threat ieee symposium on security and privacy. ,vol. 6, pp. 61- 64 ,(2008) , 10.1109/MSP.2008.8
Yi Lu Wang, Sang Chin Yang, A Method of Evaluation for Insider Threat 2014 International Symposium on Computer, Consumer and Control. pp. 438- 441 ,(2014) , 10.1109/IS3C.2014.121
E.Eugene Schultz, A framework for understanding and predicting insider attacks Computers & Security. ,vol. 21, pp. 526- 531 ,(2002) , 10.1016/S0167-4048(02)01009-X