Login Signup
Verified Document

Justifying Research Methods And Design Insider Threats Research Paper

Related Topics:
Cyber Security Quantitative Research Cybersecurity Research Design
Open Document Cite Document

¶ … Justifying Research Methods and Design Insider threats are one of the primary sources of risk to an enterprise network and to intellectual property. For decades, the internet security realm has been rather narrowly focused on pre-empting insider threats by mean of sophisticated architecture and conventional login identification barriers. More recently, internet communications and technology (ICT) experts have taken an active position by using technological capacity to identify risk patterns, and devising systems to address insider threat when and where it is most likely to happen -- before it happens. In other words, rather than just taking a technological approach to the problem of insider threats, professionals with expertise in internet security dovetail sociological and psychological knowledge with technological knowhow The research in socio-technical methods for mitigating insider threat to enterprises hold profound promise for effective and agile solutions to a pervasive, expensive, and fluid problem.

A socio-technical approach to assessing, understanding, and mitigating insider threats capitalizes on expert knowledge about vulnerabilities and potential effective solutions. A malicious insider threat to an enterprise occurs when former or current personnel, contractors, or other types of business partners (who had or currently have authorized access to the data, network, or system belonging to an enterprise), and who intentionally misuse or exceed the access in such a way as to bring negative impact on the enterprise with regard to the integrity, trustworthiness, access / availability, or confidentiality of the company's organization and its information systems. The definition is a long one, but it clearly spells out the critical components: (1) Access to a system has been appropriately granted; (2) a trust relationship is maintained, which typically means that safeguards are static and security is often lowered as staff become complacent; (3) the work situation enables inappropriate or illegal use; and (4) the business enterprise suffers or is in danger of suffering damage due to the misuse of information.

Some of the most robust research in the internet systems security literature has utilized architectural patterns in a systems approach to develop models to address insider threats. A systems dynamics approach to permits researchers to simulate and analyze the architectural patterns associated with the threats, and to do so outside of the operational system of an enterprise (Mundie & Moore, 2012; Moore, et al., 2011; Moore, et al., 2012). The purpose of studying the patterns is to develop mitigation strategies for insider threats that are operationally valid and are scientifically derived (Burstein, 2008; Eysenck, 2004).). In order to develop these mitigation strategies, this author proposes a comprehensive research approach that incorporates both qualitative and quantitative methods in what is commonly referred to as a mixed methods approach.

A mixed methods approach is appropriate when researchers are not sure about what theories should guide their research, or what variables to measure, or even what questions to ask (Creswell, 2011). A novel line of research may establish this research predicament (Creswell, 2011). In order to address the first research question that is focused on identifying the specific risk that firms face from insider threats in cloud computing situations, a qualitative approach will be used in the form of a Delphi survey (Creswell, 2011). The first research question emphasizes a thorough inquiry into the types of specific insider threats rather than an actual frequency count of cyber attacks or cyber events. To quantitative inquiry will address the second research question that is focused on the cost assessment of risk (Creswell, 2011).

Research Question #1: What specific risks do companies face from insider threats in cloud computing situations?

The qualitative component of the research approach utilizes a Delphi approach for accessing the expert opinion of professional "sentries" and "protectors" of enterprise networks. The Delphi survey method has been used by a number of cybersecurity researchers to explore issues related to insider threats. (Catrantzos, 2009; Moore, 2011; Skulmoski, 2007). The Delphi method is an iterative approach to gathering information that relies on anonymous input from experts. Each expert selected for a Delphi survey panel needs to have substantive experience and exposure to the management or investigation of insider threats. Catrantzos (2009) used the Delphi method to test proposed cybersecurity techniques by assembling a panel of cybersecurity experts to review and critique the security methods. Catrantzos recruited dozens of experts -- including investigators, experienced defenders, and line managers -- across different disciplines and from different organizations. Moore, et al. (2012) used the Delphi approach as a complementary approach to an extensive mixed-methods research in the area of insider threats.

The rationale...

Parts of this document are hidden

View Full Document
svg-one

A diverse expert Delphi survey group might include professionals in counter espionage, business profit-and-loss, prevention of workplace violence, corporate reputational risk workers, defenders against systemic institutional fraud, military, and law enforcement. The comprehensive frame of a Delphi approach promotes adherence to best practices in cybersecurity research.
Alternative research approaches were considered but were rejected due to the need to cover a broad and deep array of potential insider threats. Indeed, a narrower approach to the proposed research could create an inquiry that did not fully consider the possible and actual sources of cyber risk. For instance, Moore et al. (2011) found that the potential for insider threats increases during the last 30 days of employment in an organization. While this is an entirely viable research topic, it is constrained. An inquiry that focused on insider threats during the last 30 days of employment would necessarily miss the long-tail threats that do not occur during that active period. A research design that incorporates a panel of experts with broad and deep experience is less likely to miss outlier events that can be substantively damaging even though they are not know to occur frequently. In fact, the 2011 CyberCrime Survey found that the 38% of respondents considered the most costly electronic crimes to be caused by outsiders, followed by insiders (33%), and unknown (29%).

Research Question #2: How can costs be effectively associated with risks? The quantitative component of the research approach will access and extract data from systems in order to make it available for analysis. The specific insider threat risks identified though the qualitative component of the research will provide the base for the quantitative research that will employ system dynamics simulation and modeling to derive the insider threat risk and cost relationships. It is hypothesized that the outcome of this quantitative research will show historical behavior in terms of the enterprise architecture. The systems dynamics can be used to simulate insider threats -- as identified by the Delphi expert panel -- and create tools to be used in interactive learning environments (ILE). The tools are intended to be used by decision makers, policy makers, finance officers, information technology specialists in order to understand the insider threat risk in cloud environments and the cost of proposed solutions. The tools will allow the evaluators to explore the risk-cost relationship based on simulations of procedural factors, technical considerations, cultural elements, and policies.

The rationale for using this quantitative approach to researching the cost-risk ratio is that the computer modeling and simulation capacity of a quantitative approach is far superior to a comparable attempt with qualitative methods. Moreover, using a computer modeling and simulation approach enables construction of an interactive learning environment (ILE) that is intuitive to use and easy to understand, such that professionals who do not ordinarily work with systems dynamics will be able to effectively use the tools.

Alternative research methods were considered, but were rejected on the basis that an effective cost-risk ration assessment would need to enable interactive capacity in order to be used by the expert panel recruited for the qualitative component of the research. Moreover, the computer modeling and simulation functions allow two primary objectives to be met: research and education / training. The research is grounded in both positivist theory and a pragmatic approach. Because the research outcomes are to include recommendations for application in praxis, it is once validation has taken place, the solutions will be used to estimate costs for risk mediation strategy implementation.

The quantitative component of the research is based on the work of Cappelli, et al. (2004) in the Management and Education of the Risk of Insider Threat (MERIT) program. The steps identified by Cappelli et al. (2004) for establishing an interactive learning environment (ILE) are as follows: (1) Collect and analyze extensive insider threat information and risk management strategies for those risks; (2) build the problem for the model; (3) assemble a panel of experts to include authorities on insider threats, psychology, systems dynamics, and technical security; (4) build the model that addresses the problem and the identified mitigation strategies; (5) Run the initial test simulations and calibrate the model; and (6) develop the evaluation and training materials that are aligned with the model and the interactive learning environment (ILE) (Cappelli et al., 2004; Desai, 2006; Groessler, 2004).

Conclusion

The proposed study will take a two-pronged approach to the inquiry by utilizing…

Continue Reading...
Sources used in this document:
References

Burstein, A.J. (2008, April). Conducting cybersecurity research legally and ethically. Berkeley School of Law, 18, 42. [Post]. University of California, Berkeley, CA. Retreived http://static.usenix.org/event/leet08/tech/full_papers/burstein/burstein_html/

Cappelli, D.M., Desai, A.G., Moore, A.P., Shimeall, T.J., Weaver, E.A., and Willke, B.J. (2004). Management and Education of the Risk of Insider Threat (MERIT): System dynamics modeling of computer system sabotage. CERT3 Program, Software Engineering Institute and CyLab, ?Pittsburgh, PA: Carnegie Mellon University.

Catrantzos, N. (2009, September). No dark corners: Defending against insider threats to critical infrastructure. [Master's thesis, Center for Homeland Defense and Security, Naval Postgraduate School, Monterey, California]. Retreived http://www.chds.us/?player&id=2319

Creswell, J.W. And Clark, V.L.P. (2011). Designing and conducting mixed methods research (2nd ed). Thousand Oaks, CA: Sage Publications.
Skulmoski, G.J., Harman, F.T., and Krahn, J. (2007). The delphi method for graduate research. Journal of Information Technology Education, 6. Retreived http://jite.org/documents/Vol6/JITEv6p001- 021Skulmoski212.pdf
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Understanding the Value of Qualitative Research
Words: 1754 Length: 6 Document Type: Research Paper

Understanding the Value of Qualitative Research Qualitative researchers have a number of different research strategies available to them, including case studies, phenomenology, grounded theory and ethnography. Each of these research strategies has its respective strengths and weaknesses, but ethnography in particular represents a special challenge since it seeks to learn more about a group of people from the perspective of an insider. The purpose of this paper is to provide a

Read More
Essay
Marketing Canon: Principles for Influencing Decision Making in Firms...
Words: 2900 Length: 10 Document Type: Research Paper

Marketing Canon: Approaches Based on Principles for Influencing Decision Making in Firms Operating in several geographical locations, quite a number of firms have many product lines, which many marketing scholars believe are ever confronted by myriad dilemmas. To facilitate consistent decision-making processes, it is vital for the firms to come up with overall but common marketing strategies while at the same time, it is very essential for firms to permit

Read More
Essay
Cloud Computing and Data Security
Words: 5196 Length: 18 Document Type: Term Paper

It's a tidal wave that's going to engulf us all within the next five years. Cloud services will be a $160 billion industry by the end of 2011" (Ginovsky 2011, 21). Although the decision to transition from a traditional approach to cloud computing will depend on each organization's unique circumstances, a number of general benefits have been cited for those companies that have made the partial or complete transition to

Read More
Essay
Market Orientation and Worldview from Cultural Perspective
Words: 43735 Length: 146 Document Type: Dissertation

Dissertation ManuscriptBySedric K. MorganGeopolitical Awareness and Understanding of the Current Monetary Policies: A Quantitative Study� Northcentral University, 2019 Comment by Author: Sedric � NOTE: take a look at the Turnitin Analysis report. Consider the areas that are closely related to student paper(s) from University of Maryland. I highly suspect this is a matter of improper paraphrasing (by you as well as these other student(s)). The areas are sourced and the

Read More
Essay
Ethics Needed in the US Counterintelligence Community
Words: 18748 Length: 62 Document Type: Capstone Project

HOW EARLY EFFORTSAT DEVELOPINGA COUNTERINTELLIGENCEPROGRAMINTHE 1950s AND 1960s INFLUENCED CURRENT USCOUNTERINTELLIGENCE POLICIESA Master ThesisSubmitted to the FacultyofAmerican Public University SystembyAlexgardo OrriolaIn Partial Fulfillment of theRequirement for the DegreeofMaster of ArtsAugust 2020American Public University SystemCharles Town, WVviTheauthorhereby grantsthe American PublicUniversity System the right todisplay these contentsfor educational purposes.Theauthorassumestotalresponsibility formeetingthe requirementsset by UnitedStates copyrightlawfor the inclusionofany materialsthatare not the author�screation or in the public domain.� Copyright2020by Alexgardo OrriolaAll rights reserved.DEDICATIONI dedicate thisthesisto

Read More
Essay
The Need for Virtue Ethics in the Counterintelligence Community
Words: 18535 Length: 62 Document Type: Dissertation or Thesis complete

CI FinalAbstractThis thesis describes the need for an ethical standard in counterintelligence (CI) so as to facilitate collaboration among the various CI agencies and the private sector. It conducts an analysis of the formation of the counterintelligence program under Angleton, the use of CI within the Federal Bureau of Narcotics under Anslinger, and the use of CI in the Phoenix Program and the FBI�s COINTELPRO. This analysis is used to

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now