Michele Maasberg

The Dark Side of the Insider: Detecting the Insider Threat through Examination of Dark Triad Personality Traits

Efforts to understand what goes on in the mind of an insider have taken a back seat to developing technical controls, yet insider threat incidents persist. We examine insider threat incidents with malicious intent and propose an explanation through a relationship between Dark Triad personality traits and the insider threat. Although Dark Triad personality traits have emerged in insider threat cases and deviant workplace behavior studies, they have not been labeled as such and little empirical research has examined this phenomenon. This paper builds on previous research on insider threat and introduces ten propositions concerning the relationship between Dark Triad personality traits and insider threat behavior. We include behavioral antecedents based on the Theory of Planned Behavior and Capability Means Opportunity (CMO) model and the factors affecting those antecedents. This research addresses the behavioral aspect of the insider threat and provides new information in support of academics and practitioners.

Detecting threatening insiders with lightweight media forensics

This research uses machine learning and outlier analysis to detect potentially hostile insiders through the automated analysis of stored data on cell phones, laptops, and desktop computers belonging to members of an organization. Whereas other systems look for specific signatures associated with hostile insider activity, our system is based on the creation of a “storage profile” for each user and then an automated analysis of all the storage profiles in the organization, with the purpose of finding storage outliers. Our hypothesis is that malicious insiders will have specific data and concentrations of data that differ from their colleagues and coworkers. By exploiting these differences, we can identify potentially hostile insiders. Our system is based on a combination of existing open source computer forensic tools and datamining algorithms. We modify these tools to perform a “lightweight” analysis based on statistical sampling over time. In this, our approach is both efficient and privacy sensitive. As a result, we can detect not just individuals that differ from their co-workers, but also insiders that differ from their historic norms. Accordingly, we should be able to detect insiders that have been “turned” by events or outside organizations. We should also be able to detect insider accounts that have been taken over by outsiders. Our project, now in its first year, is a three-year project funded by the Department of Homeland Security, Science and Technology Directorate, Cyber Security Division. In this paper we describe the underlying approach and demonstrate how the storage profile is created and collected using specially modified open source tools. We also present the results of running these tools on a 500GB corpus of simulated insider threat data created by the Naval Postgraduate School in 2008 under grant from the National Science Foundation.

Privacy and biometrics: An empirical examination of employee concerns

Advances in authentication technology have led to a proliferation of biometric-based systems in the workplace. Although biometric technologies offer organizations a cost-effective method of increasing security, employees are often hesitant to permit use. The collection and storage of employee biometric data raises concerns about proper use of these intensely personal identifiers. This work draws from organizational privacy practices, electronic monitoring, procedural fairness, self-construal, and technology adoption theories. We investigate the effects of independent and interdependent self-construal on three newly developed dimensions of employee privacy concern related to organizational use of biometric technology. These dimensions include perceived accountability, perceived vulnerability, and perceived distrust toward the organization. We test the predictive power of our model using data from an organization deploying a new biometric system designed to track employee work assignments under the auspices of improving personnel safety. Results indicate that self-construal plays a significant role in the formulation of privacy concerns and both perceived accountability concerns and perceived vulnerability concerns are significant predictors of attitude toward using biometric technology in the workplace.

The Enemy Within the Insider: Detecting the Insider Threat Through Addiction Theory

“Insiders” remain a significant threat to organizations—evidenced by recent cases involving Robert Hansen, Bradley Manning, and Edward Snowden—even in light of significant movement toward neutralizing the threat through detection and prevention. Insiders pose detection challenges for security professionals because they often have legitimate access and intimate organizational knowledge. Nonetheless, past insider threat detection research has predominantly focused on signature-based detection of digital indicators of insider activity and behavioral profiling. This article develops a novel relationship between addiction theory and the insider threat from an information systems perspective. This discussion introduces seven propositions concerning this relationship, addiction antecedents, and the factors moderating the relationship between addiction and the insider threat. This model has significant implications for the insider threat detection challenge, as it provides new signals that may be useful for detection, supporting practitioners, and future research.

Slayers vs Slackers: An Examination of Users’ Competitive Differences in Gamified IT Platforms Based on Hedonic Motivation System Model

Competitive fitness environment platforms and technology rely on reward-based gamification, which can be traced back to customer loyalty programs started by the airline and hotel industry in the 1980’s. These reward systems use basic game elements of Badges, Levels/Leaderboards, Achievements, and Points (BLAP) to invoke intrinsic motivation. Reward-based gamifications are easy to implement and the application of such systems has been proven to be successful in adaptive learning of certain types of skills or encouraging the completion of routine tasks. However, implementing reward-based game elements without designing a meaningful experience tailored to the individuals’ characteristics or learning needs could lead to user boredom or disengagement over the long run. This research extends Hedonic Motivation System Model (HMSAM), which is specific system acceptance model based on cognitive absorption in a competitive fitness context, by examining the effect of users’ competitive and engagement characteristics. We propose that considering individual competitive differences as well as providing a meaningful immersive experience can enhance IS platform design and have practical results regarding enhancement of competitive fitness technology design in support of improved individual user performance and safety.

An Examination of Factors That Influence Students’ IT Career Decisions

ABSTRACT A key challenge resulting from the rapid growth of the information technology (IT) industry is finding enough qualified workers to fill available positions. In this paper, Holland’s Theory of Occupational Themes, Social Cognitive Career Theory, and Career Construction Theory are used to investigate how job-related beliefs, career planning perceptions, and occupational congruence work together to influence students’ career decisions, major satisfaction, and academic performance. Using 210 student responses, we empirically test a theoretically derived research model. Our findings suggest that job security is a strong predictor of both IT career optimism and career planning ability. In addition, career optimism and career planning ability are important antecedents of students’ IT career commitment, which significantly influences satisfaction with academic major. A modest portion of academic performance was explained by the model. Most notably, occupational congruence was found to be a poor predictor of academic major satisfaction and performance.