Architecture Blog: Modeling Security
PATTERN LANGUAGE

Modeling, Managing, Making it Right.

by Jonathan Erickson
January 02, 2007

Modeling Security

Security experts have recently been warning organizations that the real -- and growing -- security dangers come not from intruders, but from threats inside the organization. To that end, a group of researchers at the Software Engineering Institute has modeled these possibilities using the System Dynamics methodology.

The model and its results have been published in a paper entitled "Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis," written by Stephen R. Band, Dawn M. Cappelli, Lynn F. Fischer, Andrew P. Moore, Eric D. Shaw, and Randall F. Trzeciak. The paper examines the psychological, technical, organizational, and contextual factors that contribute to insider trust betrayal. In particular, the report focuses on insider sabotage against IT systems and on espionage.

The study found parallels between the two categories of trust betrayal, including the:

  • Contribution of personal predispositions and stressful events to the risk of an insider committing malicious acts
  • Exhibition of behaviors and technical actions of concern by the insider preceding or during an attack
  • Failure of their organizations to detect or respond to rule violations
  • Insufficiency of the organization’s physical and electronic access controls

The researchers make recommendations that are based on the study.


Posted by Jon Erickson at 12:16 PM



