Insider Threat Detection: A Solution in Search of a Problem

Date

2020-06

Publisher

IEEE

Abstract

Insider threats (IT) reflect a growing concern in security communities. Despite a rapid increase in the number of papers examining IT, definitions, research methods, models, and critical evaluations are rare. The present paper provides a critical review of these issues. Definitions of insider threat have varied from general, focusing on all forms of organizational deviant behavior, to specific, focusing on individual difference and social context variables. Research methods are based on deductive principles and intuitions of subject matter experts, computational models based on social media activity, and empirical observations based on synthetic or inaccessible data sets, i.e., black data. Following a review of these considerations, we demonstrate that many existing approaches within the behavioral and social sciences can provide more solid foundations to the IT literature. Using insight from research on organizational deviant behavior and workplace incivility, we conclude by proposing a multidimensional classification system for insider threat, SIEVE: severity (S), intentionality (I), type of employee norm violation (EV), and ethicality (E).

Keywords

organization, insider threat, threat behavior, cyber crime

Citation

J. R. Schoenherr and R. Thomson, "Insider Threat Detection: A Solution in Search of a Problem," 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Dublin, Ireland, 2020, pp. 1-7, doi: 10.1109/CyberSecurity49315.2020.9138862.