Securing Information Sharing Through User Security Behavioral Profiling

Conference paper

Abstract

This paper presents a method of minimizing the human-related information security problem of improper sharing of information by insiders with outsiders or unauthorized insiders. As opposed to most currently available information security solutions, this system does not rely solely on technological security measures, but adapts a mixture of social and technological solutions. The system presented through this research detects users’ observance of security best practices and behavioral patterns using both automatic and personal monitoring methods. It then creates user security behavioral profiles and thus identifies users who might potentially pose threats to the organization’s information security and determines and schedules the level and type of security education and training to be given to identified users.

Keywords

Human behavior Information security Insider threat Profiling Social Technological 

References

  1. 1.
    M. Bean, Human error at the centre of IT security breaches (2008), Available: http://www.newhorizons.com/elevate/network%20defense%20contributed%20article.pdf
  2. 2.
    E. Pronin, Perception and misperception of bias in human judgment. J. Trends Cogn. Sci. 11, 37–43 (2006)CrossRefGoogle Scholar
  3. 3.
    B. Schneier, The psychology of security (2011), Available: http://www.schneier.com/essay-155.html
  4. 4.
    B.R. Williams, Do it differently. J. Inf. Syst. Secur. Assoc. 9(5), 6 (2011)Google Scholar
  5. 5.
    D.M. Lynch, Securing against insider attacks, Information Security and Risk Management (2012), pp. 39–47. Available: http://www.csb.uncw.edu/people/ivancevichd/classes/MSA%20516/Supplemental%20Readings/Supplemental%20Reading%20for%20Wed,%2011-5/Insider%20Attacks.pdf
  6. 6.
    R.A. Grimes, How to thwart employee cybercrime, insider threat deep drive—combating the enemy within, infoworld—special report (2012), pp. 2–7. Available: http://resources.idgenterprise.com/original/AST-0001528_insiderthrea_2_v1.pdf
  7. 7.
    A. Liu, C. Martin, T. Hetherington, S. Matzner, A comparison of system call feature representations for insider threat detection, in Proceedings of the 2005 IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY, 2005Google Scholar
  8. 8.
    R.F. Mills, M.R. Grimaila, G.L. Peterson, J.W. Butts, A scenario-based approach to mitigating the insider threat. J. Inf. Syst. Secur. Assoc. 9(5), 12–19 (2011)Google Scholar
  9. 9.
    C. Vroom, R. Von Solms, Information security: auditing the behavior of the employee, in Security and Privacy in the Age of Uncertainty, IFIP TC11 18th International Conference on Information Security (SEC2003), Athens, Greece ed. by D Gritzalis, S. De Capitani di Vimercati, P. Samarati, S. Katsikas (Kluwer Academic Publishers, Norwell, MA, 2003), pp. 401–404Google Scholar
  10. 10.
    R.V. Sabett, Have you seen the latest and greatest ‘security game changer’? J. Inf. Syst. Secur. Assoc. 9(5), 5 (2011)Google Scholar
  11. 11.
    T. Asai, Information Security and Business Activities (Kameda Book Service, Niigata, Japan, 2007)Google Scholar
  12. 12.
    T.R. Peltier, Information Security Policies, Procedures and Standards: Guidelines for Effective Information Security Management (Auerback Publications, Boca Raton, FL, 2002)Google Scholar
  13. 13.
    J.J. Gonzalez, A. Sawicka, A framework for human factors in information security, in Proceedings of the 2002 World Scientific and Engineering Academic Society International Conference on Information Security, Rio de Janeiro, 2002Google Scholar
  14. 14.
    K. Foley, Maintaining a proactive and sustainable security program while hosting and processing personally identifiable information. J. Inf. Syst. Secur. Assoc. 9(5), 25–32 (2011)Google Scholar
  15. 15.
    S.A. Fernando, T. Yukawa, Internal control of secure information and communication practices through detection of user behavioral patterns, in Proceedings of The World Congress on Engineering 2013, Lecture Notes in Engineering and Computer Science, WCE 2013, London, U.K., pp. 1248–1253, 3–5 July 2013Google Scholar
  16. 16.
    D. Lacey, Managing the Human Factor in Information Security: How to win over staff and influence business (Wiley, West Sussex, England, 2009)Google Scholar
  17. 17.
    T.M. Young, S. Varano, Profiling pros and cons: an evaluation of contemporary criminal profiling methodologies, Final report—Honors Program (Northeastern University, Boston, MA, 2006)Google Scholar
  18. 18.
    M. Thompson, An introduction to behavioral evidence analysis (2012), Available: http://colbycriminaljustice.wikidot.com/criminal-profiling
  19. 19.
    J. Claridge, Criminal profiling and its use in crime solving (2012), Available: http://www.exploreforensics.co.uk/criminal-profiling-and-its-use-in-crime-solving.html
  20. 20.
    L. Winerman, Criminal profiling: the reality behind the myth. Am. Psychol. Assoc. 35(7), 66–69 (2004)Google Scholar
  21. 21.
    B. Turvey, Criminal profiling: an introduction to behavioral evidence analysis. Am. J. Psychiatry 157, 1532–1534 (2000)CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2014

Authors and Affiliations

  1. 1.Department of Information Science and Control EngineeringNagaoka University of TechnologyNagaokaJapan
  2. 2.Department of Management and Information Systems ScienceNagaoka University of TechnologyNagaokaJapan

Personalised recommendations