Cylab Distinguished Seminar
- Robert Mehrabian Collaborative Innovation Center
- Distributed Education Classroom 1201
- ANDREW P. MOORE
- Lead Researcher
- CERT Division's National Insider Threat Center
- Software Engineering Institute
Identifying and Preventing Organizational Behaviors Conducive to Insider Threat: The Critical Role of Positive Incentives
A common approach to formulating an insider threat defense is to look at previous insider compromises to identify insider behaviors the organization needs to watch for and avenues of attack where the organization was vulnerable. Less common is to ask how the organization’s workforce management practices may create a situation that is conducive to the threat. This is not to imply the organization is at fault in insider compromise – most insider threat cases are violations of law or agreements with the organization that are prosecutable in court. Nevertheless, organizations may reduce the frequency of insider misbehavior and its associated costs by instituting practices that reduce insider disgruntlement. Our research focuses on a special class of such practices that we call positive incentives. Without properly dealing with the context in which insider threats occur, insider misbehaviors may simply be repeated as a natural response to existing counterproductive practices. This talk will provide evidence of the importance of analyzing organizational behaviors as part of a balanced approach to reduce insider threat.
Andrew P. Moore is the lead researcher in the CERT Division’s National Insider Threat Center of the Software Engineering Institute. Andy works with teams across the SEI applying modeling and simulation techniques to cyber security, and system and software engineering problems. He has over 30 years of experience developing and applying mission-critical system analysis methods and tools, leading to the transfer of critical technology to both industry and the government. Before joining the Software Engineering Institute/CERT in 2000, Andy worked for the U.S. Naval Research Laboratory developing, analyzing, and applying high-assurance system development methods for the Navy. He has published a book, two book chapters, a special journal issue on insider threat modeling and simulation, and a wide variety of technical journal and conference papers. Andy has a Master’s degree in Computer Science from Duke University, a Bachelor’s degree in Mathematics and Computer Science from the College of Wooster, and a Graduate Certificate in System Dynamics Modeling and Simulation from Worcester Polytechnic Institute.