Malicious Insider Threat Types – An Empirical Analysis

36th Bled eConference – Digital Economy and Society: The Balancing Act for Digital Innovation in Times of Instability: June 25 – 28, 2023, Bled, Slovenia, Conference Proceedings Pub Date : 2023-12-12 DOI:10.18690/um.fov.6.2023.8

Manfred Hofmeier, Isabelle Haunschild, Ulrike Lechner

{"title":"Malicious Insider Threat Types – An Empirical Analysis","authors":"Manfred Hofmeier, Isabelle Haunschild, Ulrike Lechner","doi":"10.18690/um.fov.6.2023.8","DOIUrl":null,"url":null,"abstract":"Malicious insider threats represent a particular challenge not only for defense, but also for research, as it is estimated there is a high number of unreported cases. Current taxonomies and typologies usually focus on specific aspects, such as goal or motivation, and tend to have tight boundaries. A number of malicious insider threat attack scenarios were identified in our research through qualitative interviews, enhanced with a game-based creative approach. The resulting data was used to develop a malicious insider threat typology in an empirical bottom-up approach. We developed an analysis scheme from existing taxonomies and typologies and used it in an empirical analysis of malicious insider roles and attack scenarios. We were able to identify eleven archetypes of malicious insider threats considering multiple facettes. This paper describes the analysis and the identified types.","PeriodicalId":504907,"journal":{"name":"36th Bled eConference – Digital Economy and Society: The Balancing Act for Digital Innovation in Times of Instability: June 25 – 28, 2023, Bled, Slovenia, Conference Proceedings","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"36th Bled eConference – Digital Economy and Society: The Balancing Act for Digital Innovation in Times of Instability: June 25 – 28, 2023, Bled, Slovenia, Conference Proceedings","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.18690/um.fov.6.2023.8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Malicious insider threats represent a particular challenge not only for defense, but also for research, as it is estimated there is a high number of unreported cases. Current taxonomies and typologies usually focus on specific aspects, such as goal or motivation, and tend to have tight boundaries. A number of malicious insider threat attack scenarios were identified in our research through qualitative interviews, enhanced with a game-based creative approach. The resulting data was used to develop a malicious insider threat typology in an empirical bottom-up approach. We developed an analysis scheme from existing taxonomies and typologies and used it in an empirical analysis of malicious insider roles and attack scenarios. We were able to identify eleven archetypes of malicious insider threats considering multiple facettes. This paper describes the analysis and the identified types.

查看原文本刊更多论文

恶意内部威胁类型--经验分析

恶意内部威胁不仅对防御，而且对研究都是一个特殊的挑战，因为据估计有大量未报告的案例。目前的分类法和类型学通常侧重于特定方面，如目标或动机，而且往往有严格的界限。在我们的研究中，通过定性访谈确定了一些恶意内部威胁攻击情景，并通过基于游戏的创造性方法加以强化。我们采用自下而上的实证方法，利用所得数据建立了恶意内部威胁类型学。我们从现有的分类法和类型学中开发了一种分析方案，并将其用于对内部恶意人员角色和攻击情景的实证分析。考虑到多个方面，我们确定了 11 种恶意内部威胁原型。本文介绍了分析方法和确定的类型。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

36th Bled eConference – Digital Economy and Society: The Balancing Act for Digital Innovation in Times of Instability: June 25 – 28, 2023, Bled, Slovenia, Conference Proceedings

自引率

0.00%

发文量