This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Combating the Insider Cyber Threat
January/February 2008 (vol. 6 no. 1)
pp. 61-64
Frank L. Greitzer, Pacific Northwest National Laboratory
Andrew P. Moore, Carnegie Mellon University
Dawn M. Cappelli, Carnegie Mellon University
Dee H. Andrews, Air Force Research Laboratory
Lynn A. Carroll, Karta Technologies
Thomas D. Hull, Oak Ridge Institute for Science and Education
Organizations must implement effective training to raise staff awareness about insider threats and the need for organizations to adopt a more effective approach to identifying potential risks and then taking proactive steps to mitigate them.

1. DoD Office of the Inspector General, DoD Management of Information Assurance Efforts to Protect Automated Information Systems, tech. report no. PO 97-049, US Dept. of Defense, Sept. 1997.
2. P.E. Doolittle and W.G. Camp, "Constructivism: The Career and Technical Education Perspective," J. Vocational and Technical Education, vol. 16, no. 1, 1999; http://scholar.lib.vt.edu/ejournals/JVTE/ v16n1doolittle.html.
3. F.L. Greitzer, D.J. Pond, and M. Jannotta, "Scenario-Based Training on Human Errors Contributing to Security Incidents," Proc. Interservice/Industry Training, Simulation, and Education Conf. (I/IT-SEC 04), 2004; http://ntsa.metapress.com/app/homecontribution.asp?referrer=parent&backto=issue,130,174;journal,4,8;linkingpublicationresults,1:113340,1 .
4. F.L. Greitzer et al., "Learning to Pull the Thread: Application of Guided-Discovery Principles to the Inquiry Process," Proc. Interservice/Industry Training, Simulation, and Education Conf. (I/ITSEC 05), 2005; www.simsysinc.com/IITSECED2005.htm#_Toc118714554 .
5. F.L. Greitzer, O.A. Kuchar, and K. Huston, "Cognitive Science Implications for Enhancing Training Effectiveness in a Serious Gaming Context," ACM J. Educational Resources in Computing, vol. 7, no. 3, Article 2, August 2007; .
6. F.L. Greitzer et al., Predictive Adaptive Classification Model for Analysis and Notification: Internal Threat, tech. report PNNL-16713, Pacific Northwest National Lab., 2007.
7. M. Keeney et al., Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors, tech. report, U.S. Secret Service and Carnegie Mellon Univ., Software Eng. Inst., 2005; http://portal.acm.org/citation.cfm?id=1281320.1281322&coll=&dl=ACM&idx=J814&part=journal&WantType=Journals&title=Journal%20on%20Educational%20Resources%20in%20Computing%20(JERIC)www.secretservice.gov/ ntac its_report_050516.pdf .
8. M.R. Randazzo et al., Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, tech. report no. CME/SEI-2004-TR-021, Carnegie Mellon Univ., Software Eng. Inst., 2004; www.sei.cmu.edu/publications/documents/04.reports 04tr021.html.
9. A.P. Moore et al., "An Experience Using System Dynamics Modeling to Facilitate an Insider Threat Workshop," Proc. 25th Conf. System Dynamics Soc., The System Dynamics Society, 2007; www.cert.org/archive/pdfISDC2007.pdf.
10. S.R. Band et al., Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis, tech. report CMU/SEI-2006-TR-026, Carnegie-Mellon Univ., Software Eng. Inst., 2006.
11. D.M. Cappelli, A.P. Moore, and T.J. Shimeall, Common Sense Guide to Prevention/Detection of Insider Threats, tech. report, Carnegie Mellon Univ., CyLab and the Internet Security Alliance, July 2006; www.cert.org/archive/pdfCommonSenseInsiderThreatsV2.11070118.pdf .
12. D. Cappelli et al., "Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System Sabotage," Proc. 24th Conf. System Dynamics Soc., The System Dynamics Society, 2006; www.cert.org/archive/pdfmerit.pdf.

Index Terms:
Merit Interactive, training, insideer attack, attack, CERT, threat mitigation, Education
Citation:
Frank L. Greitzer, Andrew P. Moore, Dawn M. Cappelli, Dee H. Andrews, Lynn A. Carroll, Thomas D. Hull, "Combating the Insider Cyber Threat," IEEE Security & Privacy, vol. 6, no. 1, pp. 61-64, Jan.-Feb. 2008, doi:10.1109/MSP.2008.8
Usage of this product signifies your acceptance of the Terms of Use.