A method for insider threat assessment by modeling the internal employee interactions

Insider's information security threat is one of the most critical issues in organizations. Due to their access to the assets and their knowledge about the systems, they pose a significant threat on organizations. It is difficult to distinguish between the behavior of normal employee and anomalous one due to its complex nature. It is important to predict the potential of occurring an undesired behavior of by an employee before taking place a security failure. An employee with a high degree of threat may try to influence other colleagues to encourage them to behave improperly and cause an information security breach. Therefore, analyzing the relationships between colleagues and assessing the influence propagation of insider threats play an important role in information security improvement process. This paper introduces an approach for modeling the relationships between colleagues to estimate the impact propagation of insider threats in organizations. The proposed approach has two main phases. In the first phase, the potential threat level of the organization employees is evaluated using the human and organizational factors of information security questionary. In the second phase, by modeling the employee's relationships, the influence propagation of threats is estimated. The introduced model is based on directed graph structure, and it is parameterized by the employee's threat values obtained from the first stage of the presented approach. We want to investigate how malicious or unacceptable behavior of an employee may affect the behavior of other employees and how can we model and evaluate this issue?