Modelling of Enterprise Insider Threats

Puloma Roy, Chandan Mazumdar


In this paper, a position has been taken to include the non-human active agents as insiders of an enterprise, as opposed to only human insiders as found in the literature. This eliminates the necessity of including the psycho-social and criminological behavioural traits to be incorporated in the management of insider threats. A framework of an Enterprise has been developed and it is shown that within the framework, both the human and non-human agents can be modelled as insider threats in a uniform manner. An example case has been analysed as supporting evidences for the point of view.


  1. Althebyan, Q., Panda, B., 2008. Performance Analysis of An Insider Threat Mitigation Model. In 3rd International Conference on Digital Information Management, ICDIM IEEE.
  2. Bishop, M., et. al, 2010. A Risk Management Approach To The “Insider Threat”. In The Insider Threats in Cyber Security, Advances in Information Security, SPRINGER.
  3. Bishop, M., Gates, C., 2008. We Have Met The Enemy And He Is Us. In The workshop on New security paradigms, ACM.
  4. Coles-Kemp, L., Theoharidou, M., 2010. Insider Threat and Information Security Management. In Insider Threats in Cyber Security, SPRINGER.
  5. CERT, 2013.Cyber Security Watch Survey, “How Bad Is the Insider Threat?”, Carnegie, Mellon University.
  6. Eberle,W., Holder, L., 2009. Insider Threat Detection Using Graph-Based Approaches. In Cyber security Applications & Technology Conference For Homeland Security, IEEE.
  7. Greitzer, FL., et. al, 2010. Identifying at-Risk Employees: A Behavioral Model for Predicting Potential Insider Threats. Pacific Northwest National Laboratory Richland, Washington.
  8. Greitzer, FL., et. al., 2009. Predictive Modeling for Insider Threat Mitigation. Pacific Northwest National Laboratory, Washington.
  9. Greitzer, FL., Hohimer, RE., 2011. Modeling Human Behavior to Anticipate InsiderAttacks. In Journal of Strategic Security, HMU.
  10. Meijer, E. And Kapoor, V, 2014. The Responsive Enterprise: Embracing the Hacker Way, Communications of the ACM.
  11. Moore, AP., et. al., 2009. Insider Theft Of Intellectual Property For Business Advantage: A Preliminary Model. In 1st International Workshop on Managing Insider Security Threats CERT Program, Software Engineering Institute and CyLab at Carnegie Mellon University.
  12. Legg, P., et. al, 2013. Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection, In Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, ISYOU.
  13. Moore, AP., et. al., 2011. .A Preliminary Model of Insider Theft of Intellectual Property. In Technical note Carnegie Mellon University, CERT.
  14. Nurse, J., et. al, 2014.Understanding Insider Threat: A Framework For Characterising Attacks, In Security and Privacy Workshops, IEEE.
  15. Pwc., 2013..Key findings from the 2013 US State of Cybercrime Survey.
  16. Shahbaz, M., Groz, R., 2009. Inferring Mealy Machines. In 2nd World Congress on Formal Methods, SPRINGER.

Paper Citation

in Harvard Style

Roy P. and Mazumdar C. (2015). Modelling of Enterprise Insider Threats . In Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-081-9, pages 132-136. DOI: 10.5220/0005327901320136

in Bibtex Style

author={Puloma Roy and Chandan Mazumdar},
title={Modelling of Enterprise Insider Threats},
booktitle={Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},

in EndNote Style

JO - Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Modelling of Enterprise Insider Threats
SN - 978-989-758-081-9
AU - Roy P.
AU - Mazumdar C.
PY - 2015
SP - 132
EP - 136
DO - 10.5220/0005327901320136