Using dynamic models to support inferences of insider threat risk

Two modeling approaches were integrated to address the problem of predicting the risk of an attack by a particular insider. We present a system dynamics model that incorporates psychological factors including personality, attitude and counterproductive behaviors to simulate the pathway to insider at...

Full description

Saved in:
Bibliographic Details
Published in:Computational and mathematical organization theory 2016-09, Vol.22 (3), p.350-381
Main Authors: Sticha, Paul J., Axelrad, Elise T.
Format: Article
Language:English
Subjects:
Artificial Intelligence
Bayesian analysis
Behavior
Belief networks
Business and Management
Computer simulation
Employees
Information technology
Management
Mathematical models
Methodology of the Social Sciences
Monte Carlo simulation
Operations Research/Decision Theory
Organizational behavior
Organizations
Personality
Psychological aspects
Risk
Sabotage
Sanctions
Sociology
Special Issue - Insider Threat
System dynamics
Threats
Variables
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Two modeling approaches were integrated to address the problem of predicting the risk of an attack by a particular insider. We present a system dynamics model that incorporates psychological factors including personality, attitude and counterproductive behaviors to simulate the pathway to insider attack. Multiple runs of the model that sampled the population of possible personalities under different conditions resulted in simulated cases representing a wide range of employees of an organization. We then structured a Bayesian belief network to predict attack risk, incorporating important variables from the system dynamics model and learning the conditional probabilities from the simulated cases. Three scenarios were considered for comparison of risk indicators: An average employee (i.e., one who scores at the mean of a number of personality variables), an openly disgruntled malicious insider, and a disgruntled malicious insider who decides to conceal bad behaviors. The counterintuitive result is that employees who act out less than expected, given their particular level of disgruntlement, can present a greater risk of being malicious than other employees who exhibit a higher level of counterproductive behavior. This result should be tempered, however, considering the limited grounding of some of the model parameters. Nevertheless, this approach to integrating system dynamics modeling and Bayesian belief networks to address an insider threat problem demonstrates the potential for powerful prediction and detection capability in support of insider threat risk mitigation.
ISSN:1381-298X
1572-9346
DOI:10.1007/s10588-016-9209-1