Abstract
This paper conceptualizes human trustworthiness1 as a key component for countering insider threats in an online community within the arena of corporate personnel security. Employees with access and authority have the most potential to cause damage to that information, to organizational reputation, or to the operational stability of the organization. The basic mechanisms of detecting changes in the trustworthiness of an individual who holds a key position in an organization resides in the observations of overt behavior – including communications behavior – over time. “Trustworthiness” is defined as the degree of correspondence between communicated intentions and behavioral outcomes that are observed over time [27], [25]. This is the degree to which the correspondence between the target’s words and actions remain reliable, ethical and consistent, and any fluctuation does not exceed observer’s expectations over time [10]. To be able to tell if the employee is trustworthy is thus determined by the subjective perceptions from individuals in his/her social network that have direct business functional connections, and thus the opportunity to repeatedly observe the correspondence between communications and behavior. The ability to correlate data-centric attributions, as observed changes in behavior from human perceptions; as analogous to “sensors” on the network, is the key to countering insider threats.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
BBC News Online. (2002). “Enron Scandal at a glance,” [BBC News Online]. Obtained on August 22, 2006 from http://news.bbc.co.uk/1/hi/business/1780075.stm.
Benkoil, D. (1998, October) “An Unrepentant Spy: Jonathan Pollard Serving a Life Sentence,” [ABCNEWS.com], October 25, 1998.
C4ISR Joint Chiefs of Staff (2000). Information Assurance Through Defense In Depth. Washington D. C., February 2000.
Carr, J. (2007). Former Boeing Employee charged in data theft. SC Magazine. Released on July 12, 2007. Obtained from http://www.scmagazine.com/us/news/article/670671/ex-boeingemployee- charged-data-theft.
Cohen, L.E. and Felson, M. (1979). Social Change and Crime Rate Trends: A Routine Activity Approach. American Sociological Review, 44(4), (Aug., 1979), 588-608.
Durkheim, E. (1897). Suicide: A Study in Sociology. Trans. John A. Spaulding and George Simpson. New York: The Free Press, 1951.
FBI National Press Office. (2001). Federal Beaureu of Investigation Story: Robert Philip Hanssen Espionage Case. Released on Feb 20, 2001. Obtained from http://www.fbi.gov/libref/historic/famcases/hanssen/hanssen.htm.
Felson, M. (1987). Routine Activities and Crime Prevention in the Developing-Metropolis. Criminology, 25(4), (Nov. 1987), 911.
Felson, M. and Cohen, L.E. (1980). Human Ecology and Crime: A Routine Activity Approach. Human Ecology, 8(4), (Dec. 1980), 389-406.
Hardin, R. (1996). Trustworthiness. Ethics, Vol. 107, No. 1. (Oct., 1996), pp. 26-42.
Hardin, R. (2003). Gaming trust. In E. Ostrom & J. Walker (Eds.), Trust and reciprocity: Interdisciplinary lessons from experimental research(pp. 80-101). New York: Russell Sage Foundation.
Haydon, M.V. (1999). “The Insider Threat to U.S. Government Information Systems”, National Security Telecommunications and Information Systems Security Committee (NSTISSAM) INFOSEC 1-99, July 1999. http://www.nstissc.gov/Assets/pdf/NSTISSAM_INFOSEC1-99.pdf.
Heider, F. (1944). Social perception and phenomenal causality. Psychological Review, 51, 358- 374.
Heider, F. (1958). The psychology of interpersonal relations. New York: John Wiley & Sons.
Hirschi, T. (1969). Causes of Delinquency. Beverly Hills, CA: University of California Press.
Hirschi, T. & Gottfredson, M.R. (1986). The Distinction Between Crime and Criminality. In Critique and Explanation: Essays in Honor of Gwynne Nettler, edited by T. Hartnagel & R. Silverman (pp. 44-69). NJ: Transaction.
Ho, S.M. (2008). Towards a Deeper Understanding of Personnel Anomaly Detection. Encyclopedia of Cyber Warfare and Cyber Terrorism, 2008 IGI Global Publications, Hershey, PA.
Keeney, M., Kowalski, E., Cappelli, D., Moore, A., Shimeall, T., and Rogers, S. (2005). “Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors.” National Threat Assessment Center, U.S. Secret Service, and CERTtextregistered Coordination Center/Software Engineering Institute, Carnegie Mellon, May 2005, pp.21-34. Obtained from http://www.cert.org/archive/pdf/insidercross051105.pdf on April 10, 2007.
Kelley, H.H. (1973). The Process of Causal Attribution, American Psychologist, Feb 1973, 107-Obtained from http://faculty.babson.edu/krollag/org_site/soc_psych/kelly_attrib.html on July 5th, 2007.
Lamar, Jr. J.V. (1986). Two Not-So-Perfect Spies; Ronald Pelton is Convicted of Espionage as Jonathan Pollard Pleads Guilty. Time, 16 June 1986.
Mitnick, K.D. and Simon, W.L. (2002). The Art of Deception: Controlling the Human Element of Security. Indianapolis, Indiana: Wiley. 139
O’Connor, T. (2007). An Outline of Strain Theory; adapted from, T. O’Connor, Varieties of Strain Theory. Retrieved on January 05, 2007 from http://www.homestead.com/rouncefield/files/a_soc_dev_19.htm.
Park, J.S. and Ho, S.M. (2004). Composite Role-based Monitoring (CRBM) for Countering Insider Threats. Proceedings of Second Symposium on Intelligence and Security Informatics(ISI), Tucson, Arizona, June 2004.
Power, R. (2002). CSI/FBI Computer Crime and Security Survey. Computer Security Issues & Trends, 2002.
Rotter, J.B. (1967). A new scale for the measurement of interpersonal trust. Journal of Personality, 35 (4), 651–665.
Rotter, J.B. and Stein, D.K. (1971). Public Attitudes Toward the Trustworthiness, Competence, and Altruism of Twenty Selected Occupations. Journal of Applied Social Psychology, Dec 1971, 1(4), 334–343.
Rotter, J.B. (1980). Interpersonal Trust, Trustworthiness, and Gullibility. American Psychologist, Jan 1980, 35(1), 1–7.
Sykes, G.M. and Matza, D. (1957). Techniques of Neutralization: A Theory of Delinquency. American Sociological Review, 22(6), (Dec., 1957), 664-670.
Tittle, C.R. (2004). Refining Control Balance Theory. Theoretical Criminology, 8(4), November, 2004, 395-428.
Weiner, B. (2006). Social Motivation, Justice, and the Moral Emotions: An Attributional Approach. Lawrence Erlbaum Associates, inc., Mahwah, New Jersey.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer Science+Business Media, LLC
About this paper
Cite this paper
Ho, S.M. (2008). Attribution-based Anomaly Detection: Trustworthiness in an Online Community. In: Liu, H., Salerno, J.J., Young, M.J. (eds) Social Computing, Behavioral Modeling, and Prediction. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-77672-9_15
Download citation
DOI: https://doi.org/10.1007/978-0-387-77672-9_15
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-77671-2
Online ISBN: 978-0-387-77672-9
eBook Packages: Computer ScienceComputer Science (R0)