Developing An Insider Threat Training Environment

Keywords

Cybersecurity; Game engines; Gaming environment; Insider threat

Abstract

Many cyber security officers are more concerned with outside rather than insider threats because the enemy is generally perceived as being “out there” or beyond the organization. Therefore, defensive actions are readily available once an outside threat is identified (Colwill in Human factors in information security: the insider threat—who can you trust these days? pp. 186–196, 2009 [1]). Contradictory to the ideas of social identification as an “us” and “them,” the greatest enemy may be lurking within one’s own organization. Individuals are considered insiders if they presently have (or at one time had) permission to access an organization’s data or network structures (Greitzer et al. in Secur Priv IEEE 6(1):61–64, 2008 [2]). The concept of the insider threat is considered one of the most difficult situations to deal with in the cybersecurity domain (Hunker and Probst in J Wireless Mobile Netw Ubiquitous Comput Dependable Appl 2(1):4–27, 2011 [3]). The Association of Certified Fraud Examiners has reported two-thirds of fraud and identity thefts are executed by organizations’ employees or other known insiders. They also estimate U.S. companies have lost 5% of revenue to fraudulent insider activities (Randazzo et al. in Insider threat study: illicit cyber activity in the banking and finance sector, 2005 [4]). Insiders have multiple advantages over an outsider. An insider threat is one of the most difficult situations to identify. Therefore, it is critical that training be developed. The first step to effective training is constructing an environment that lends itself to insider threat situations. The present paper describes the process in which one insider threat virtual environment was constructed. A discussion of the considerations and functional features is detailed.

Publication Date

1-1-2016

Publication Title

Advances in Intelligent Systems and Computing

Volume

501

Number of Pages

267-277

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1007/978-3-319-41932-9_22

Socpus ID

84986252373 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/84986252373

This document is currently not available here.

Share

COinS