Unintentional Insider Threats: Social Engineering

Unintentional Insider Threats: Social Engineering

Active / Technical Report | Accession Number: ADA592507 |

Abstract:

The research documented in this report seeks to advance the understanding of the unintentional insider threat UIT that derives from social engineering. The goals of this research are to collect data on additional UIT social engineering incidents to build a set of cases for the Management and Education of the Risk of Insider Threat MERIT database, and to analyze such cases to identify possible behavioral and technical patterns and precursors. The authors hope that this research will inform future research and development of UIT mitigation strategies.

Author(s):

No Author(s) Identified

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Descriptive Note:

Technical note

Supplementary Note:

Sponsored in part by the Department of Homeland Security (DHS), Office of Federal Network Resilience (FNR), Cybersecurity Assurance Branch (CAB).

Pagination:

0109

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

CMU/SEI-2013-TN-024

Contract/Grant Number(s):

FA8721-05-C-0003

Monitor Series:

AFLCMC/MA

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.3_Planning; JCA_4.6_Engineering; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_7_Protection; JCA_2.1_Planning and Direction; JCA_5.3.2_Apply Situational Understanding; JCA_5.3.3_Develop Strategy; JCA_5.3.1_Analyze Problem; JCA_4.6.1_General Engineering; JCA_5.2.2_Develop Knowledge and Situational Awareness; JCA_5.2_Understand; JCA_2.1.2_Develop Strategies; JCA_1.2.1_Training; JCA_5.4_Decide; JCA_2.1.3_Task and Monitor Resources; JCA_5.6.3_Assess Achievement of Objectives; JCA_5.6_Monitor; JCA_1.2.3_Educating; JCA_1.2.5_Lessons Learned

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*ATTACK, *CASE STUDIES, *COMPUTER NETWORK SECURITY, *INFORMATION SECURITY, *RISK ANALYSIS, *RISK MANAGEMENT, *THREATS, ANXIETY, ATTENTION, ATTITUDES(PSYCHOLOGY), COMPUTER VIRUSES, DATA BASES, DEMOGRAPHY, ELECTRONIC MAIL, JUDGEMENT(PSYCHOLOGY), MEMORY(PSYCHOLOGY), PERSONALITY, POLICIES, STRESS(PSYCHOLOGY), TAXONOMY, VULNERABILITY

Field(s)/Group(s):

Administration and Management, Psychology, Computer Systems Management and Standards

Keyword(s):

*UNINTENTIONAL INSIDER THREATS, *SOCIAL ENGINEERING, *MITIGATION STRATEGIES, PHISHING ATTACKS, GENDER, AGE, PERSONALITY TRAITS, JOB PRESSURE, LACK OF ATTENTION, LACK OF KNOWLEDGE, MEMORY FAILURE, FAULTY REASONING, RISK TOLERANCE, POOR RISK PERCEPTION, CASUAL VALUES, PHYSICAL IMPAIRMENTS, DEMOGRAPHIC FACTORS, ORGANIZATIONAL FACTORS, HUMAN FACTORS, CYBERSECURITY ASSURANCE

Report Date:

2014 Jan 01

Creation Date:

2014 Feb 12