Predictive Modeling for Insider Threat Mitigation

Predictive Modeling for Insider Threat Mitigation This project, funded by PNNL’s Laboratory Directed Research and Development Program is conducted under the Predictive Defense focus area of the Laboratory’s Information and Infrastructure Integrity Initiative. The current practice for addressing the insider cyber threat is to monitor the network and individual systems to identify when someone is not following established policy or is abusing their authorized level of access in a way that is harmful to the organization. The study takes many different approaches in order prevent inside threats. The main targets of this research were the current and former employees who had access to the information system, data or network with the degree of trust by the organization. Recent studies and surveys of cybercrime in both government and commercial sectors shows that current or former employees are the second greatest cyber crime threat. According to the 2007 e-Crime survey most insiders targeted proprietary information, include intellectual property, and customer and financial information. Many people argued that most threats can be easily prevented by “timely and effective action to address the anger, pain, anxiety, or psychological impairment of perpetrators who exhibit signs of vulnerability or risk well in advance of the crime of abuse.” This statement suggests that more research is needed on predictive indicators. But when it comes to predict who and when will commit an inside crime is still hard to predict. According to this research “currently, no single threat assessment technique gives a complete picture of the insider threat problem.” Many researcher suggests that a proactive approach must recognize possible precursors to insider threats behavior that are visible in employee behavior. There has been some controversy between the organization guarding their assets and employee privacy rights. Many organizations say that monitoring employees is a