Library
Want to expand your knowledge of insider risk? The Signpost Six library offers an updated overview of some of the significant literature in the field.
Insider Risk Management
- Kont, M., Osula, A., Pihelgas, M., Wojtkowiak, J., Trinberg, L. (2018). Insider Threat Detection Study. NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE).
- Luckey, D., Stebbins, D., Orrie, R., Rebhan, E., Bhatt, S., Beaghley, S. (2019). Assessing Continuous Evaluation Approaches for Insider Threats. RAND Corporation.
- Theis, M., Trzeciak, R., Costa, D., Moore, A., Millier, A., Cassidy, T., Claycomb, W. (2019). Common Sense Guide to Mitigating Insider Threats, Sixth Edition. Carnegie Mellon University – Software Engineering Institute.
- National Insider Threat Task Force. (2018). Insider Threat Program – Maturity Framework. Office of the Director of National Intelligence.
- Centre for the Protection of National Infrastructure. (2020). Insider Risk Mitigation Framework.
- Shaw, E., Fischer, L., Rose, A. (2009). Insider Risk Evaluation and Audit. Defense Personnel Security Research Center.
- Wetzel, J. (2017). Insider Threats to Financial Services: Uncovering Evidence With External Intelligence. Recorded Future.
- Scott, J., Spaniel, D. (2017). In 2017, The Insider Threat Epidemic Begins. Institute for Critical Infrastructure Technology.
- Costa, D., Albrethsen, M., Collins, M., Perl, S., Silowash, G., Spooner, D. (2016). An Insider Threat Ontology. Carnegie Mellon University – Software Engineering Institute.
- Moore, A., Perl, S., Cowley, J., Collins, M., Cassidy, T., Van Houdnos, N. (2016). The Critical Role of Positive Incentives for Reducing Insider Threats. Carnegie Mellon University – Software Engineering Institute.
- Moore, A., Novak, M., Collins, M., Trzeciak, R., Theis, M. (2015). Effective Insider Threats Programs: Understanding and Avoiding Potential Pitfalls. Carnegie Mellon University – Software Engineering Institute.
- Shaw, E., Sellers, L. (2015). Applications of the Critical-Path Method to Evaluate Insider Risks. Journal of Internal Security and Counterintelligence (59.2).
- Cole, E. (2015). Insider Threats and the Need for Fast and Directed Response. SANS Institute – Information Security Reading Room.
- Software Engineering Institute. (2015). Analytic Approaches to Detect Insider Threats. Carnegie Mellon University.
- Moore, A., Collins, M., Mundie, D., Ruefle, R., McIntire, D. (2014). Pattern-Based Design of Insider Threat Programs. Carnegie Mellon University – Software Engineering Institute.
- Upton, D., Creese, S. (2014). The Danger from Within. Harvard Business Review.
- Shaw, E., Payri, M., Cohen, M., Shaw, I. (2013). How Often Is Employee Anger An Insider Risk II? Detecting and Measuring Negative Sentiment versus Insider Risk in Digital Communications-Comparison between Human Raters and Psycholinguistic Software. Journal of Digital Forensics, Security and Law.
- Flynn, L., Huth, C., Trzeciak, R., Buttles, P. (2013). Best Practices Against Insider Threats in All Nations. Carnegie Mellon University – Software Engineering Institute.
- Cummings, A., Lewellen, T., McIntire, D., Moore, A., Trzeciak, R. (2012). Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector. Carnegie Mellon University – Software Engineering Institute.
- Lockheardt, C. (2012). The Human Factor: Using Behavioral Science to Counter Insider Threats. MITRE.
- Moore, A., Cappelli, D., Caron, T., Shaw, E., Spooner, D. (2011). A Preliminary Model of Insider Theft of Intellectual Property. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (2.1).
- Shaw, E. and Stock, H. (2011). Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall. Symantec.
- Defense Personnel Security Research Center. (2009). Espionage and Other Compromises of National Security. PERSEREC.
- Band, S., Cappelli, D., Fischer, L., Moore, A., Shaw, E., Trzeciak, R. (2006). Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis. Carnegie Mellon University – Software Engineering Institute.
- Shaw, E., Ruby, K., and Post, J. (1998). The Insider Threat to Information Systems. Security Awareness Bulletin (2-98).
- Intelligence Community Staff. (1990). Subject: Project SLAMMER Interim Report. Director of Central Intelligence.
Cyber Security Behaviours
- How to Manage the Computer-Security Threat. (2017) The Economist.
- Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations – Release I. (2016) Ponemon Institute LLC.
- Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations – Release 2: The Widening Gap Between IT and End Users. (2016) Ponemon Institute.
- Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations – Release 3: Differences in Security Practices and Vigilance Across UK, France, Germany and US. (2016) Ponemon Institute LLC.
- Evans, M., Maglaras, L., He, Y., Janicke, H. (2016). Human Behaviour as an Aspect of Cyber Security Assurance. De Montfort University – School of Computer Sciences and Informatics.
- Bada, M. and Sasse, A. (2014). Cyber Security Awareness Campaigns: Why do they Fail to Change Behaviour? Global Cyber Security Capacity Centre.
- Nurse, J., Legg, P., Buckley, O., Agrafiotis, I., Wright, G., Whitty, M., Upton, D., Goldsmith, M., Creese, S. (2014). A Critical Reflection on the Threat from Human Insiders – its Nature, Industry Perceptions, and Detection Approaches. University of Oxford – Department of Computer Science.
- Pfleeger, S. and Caputo, D. (2012). Leveraging Behavioral Science to Mitigate Cyber Security Risk. The MITRE Corporation.
Behavioural Threat Assessment
- National Center for the Analysis of Violent Crime – Behavioral Analysis Unit. (2017). Making Prevention a Reality: Identifying, Assessing, and Managing the Threat of Targeted Attacks. Federal Bureau of Investigation.
- Varazzani, C. (2017). The Brains Behind Behavioral Science. Behavioral Scientist.
- Davis, J. (2016). Stalking Crimes and Victim Protection. Psychology Today.
- Richtel, M. (2014). That Devil on Your Shoulder Likes to Sleep In. The New York Times.
- Glasgow, K. and Schouten, R. (2014). Assessing Violence Risk in Threatening Communications. Association for Computational Linguistics.
- Miller, A. (2014). Threat Assessment in Action. American Psychological Association.
- Slonje, R., Smith, P., Frisén, A. (2012). The Nature of Cyberbullying, and Strategies for Prevention. Computers in Human Behavior. Elsevier.
Cognitive Biases and Fake News
- Jack, C. (2017). Lexicon of Lies: Terms for Problematic Information. Data and Society Research Institute.
- Brown, S. (2017). I Read the News, Therefore I am (Prejudiced). Psychology Today.
- Gu, L., Kropotov, V., Yarochkin, F., Leopando, J., Estialbo, J. (2017). Fake News and Cyber Propaganda: The Use and Abuse of Social Media. TREND MICRO.
- Franganillo, J. (2016). Information Overload, Why it Matters and How to Combat It. Interaction Design Foundation.
- Callagher, B. (2016). What Impact does Fake News have on the Real World. Merry Jane.
- Benson, B., and Manoogian III, J. (2016). The Cognitive Bias Codex.
Other Links
- Software Engineering Institute. Carnegie Mellon University: http://www.cert.org/insider-threat/
- American Psychological Association: http://www.apa.org/
- CREST UK: https://crestresearch.ac.uk/csr/
- University of Twente department of Psychology of Conflict, Risk and Safety (PCRS): https://www.utwente.nl/en/bms/pcrv/
- Association of European Threat Assessment Professionals: http://www.aetap.eu/