Abstract
Managers often focus on external threats mainly due to the difficulties in evaluating the losses from the insider activities. The purpose of the study is to improve the efficient performance of an information security department and a company itself in counteracting insider threats by increasing the accuracy and rate of assessing the insider threat for each employee and ranking employees in accordance with the assessment of a summarized technical threat indicator. The authors morphologically analyze the features of insider activities in three sections and identify a promising area for combating the insiders – a prompt identification of unusual behavior signaling a breach of confidentiality. The paper describes an algorithm developed by the authors for assessing the insider threat for each employee of a company and ranking all employees by a summarized technical threat indicator. The steps to implement the algorithm are described in detail and a fuzzy derivation scheme of a summarized technical threat indicator is presented; an example is used to test the algorithm. The algorithm can be implemented as a part of a corporate information system. It is cheap to use and own, and it is rated as cost-efficient.
Highlights
Threat management aimed to maintain information security presupposes the collection, processing, and application of knowledge about threats which a company faces in order to improve, identify security measures and to respond with the management tools until all threats are completely eliminated
Financial, goodwill impairment, as well as problems with the corporate culture which has a double feedback with the insider activity make the situation even worse: a low level of the corporate culture provokes the insiders, which, in its turn, deteriorates a corporate culture
[22] McCrae and John (1992), [4] Batarshev (2005), [17] Kilmann (2011), [28] Thomas and Kilmann (2010). We addressed their works in developing the approach to insider threat detection
Summary
Threat management aimed to maintain information security presupposes the collection, processing, and application of knowledge about threats which a company faces in order to improve, identify security measures and to respond with the management tools until all threats are completely eliminated. The same is mainly true for the risk management in business. This is partly connected with the fact that the insider activity losses are difficult to measure, since their cause is deeply rooted, mainly with no explicit connection between the losses and the insiders. What is more, these losses are various in nature and their levels – from minor to huge and even fatal for the owners (bankruptcy or an illegal takeover). Financial, goodwill impairment, as well as problems with the corporate culture which has a double feedback with the insider activity make the situation even worse: a low level of the corporate culture provokes the insiders, which, in its turn, deteriorates a corporate culture. The attempts to raise the problems of the insider threats are sometimes neglected by the assumptions that the insider
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
