Insider Threat Modeling: An Adversarial Risk Analysis Approach

Abstract

Insider threats entail major security issues in many organizations. Game theoretic models of insider threats so far proposed do not take into account important factors such as the organizational culture and whether the attacker was detected or not. They also fail to model defensive mechanisms already put in place by an organization to mitigate insider attacks. We propose two new models which incorporate these settings and, hence, are more realistic, and use adversarial risk analysis to find their solutions. Our models and solutions are general and can be applied to most insider threat scenarios. A data security example illustrates the discussion.