Adventures in Insider Threat Predictive Analytics

Speaker: Frank L. Greitzer, PhD

Bio:

Frank L. Greitzer, Ph.D., is owner and Principal Scientist of PsyberAnalytix, which performs consulting in applied cognitive and behavioral systems engineering and analysis. Dr. Greitzer holds a PhD degree in Mathematical Psychology with specialization in memory and cognition and a BS degree in Mathematics. His current research interests are in characterizing human behavioral factors to help identify and mitigate insider threats to IT enterprises. He led a multidisciplinary group of researchers to develop a comprehensive insider threat ontology, Sociotechnical and Organizational Factors for Insider Threat (SOFIT). His most recent consulting work has helped organizations apply this ontology in their operational insider threat mitigation programs. Prior to founding PsyberAnalytix in 2012, Dr. Greitzer served for twenty years as a Chief Scientist at the U.S. Department of Energy’s Pacific Northwest National Laboratory, conducting R&D in human-information analysis and in advanced, interactive training technologies; and leading the R&D focus area of Cognitive Informatics, which addresses human factors and social/behavioral science challenges through modeling and advanced engineering/computing approaches. His experience also includes university/academic positions, research in human factors psychology for the U.S. Department of Defense, and human factors/artificial intelligence R&D in private industry. Dr. Greitzer is a member of the Intelligence and National Security Alliance (INSA) Insider Threat Subcommittee and is currently Editor-in-Chief of the journal, Counter-Insider Threat Research and Practice.

Abstract:

Insiders who destroy, steal, or leak sensitive information pose a serious threat to enterprises. An insider threat is an individual with authorized access to an organization’s systems, data, or assets, and who intentionally (or unintentionally) misuses that access in ways that harm (or risk) these assets. Recent industry surveys reveal that as much as 50% of reported incidents were considered accidental and nearly two-thirds were identified as malicious insider attacks. Along with a consistent rise in insider crimes, the costs of monitoring, incident response, remediation and other associated activities continues to increase. Insider risk assessment is a wicked/hard problem, and the research and operational communities are coming to realize that it is a human problem.

Spanning nearly two decades, a strong theme of my research has been to develop insider threat models that integrate relevant human behavioral and psychological factors with technical factors associated with host and network cybersecurity monitoring systems. This lecture will discuss my research on sociotechnical factors for insider threat anticipation and the continuing challenges to identify, integrate, and validate cyber and behavioral indicators of insider threat risk into effective detection and mitigation approaches. I will describe a comprehensive ontology of sociotechnical and organizational factors for insider threat (SOFIT) that can provide a foundation for more effective, whole-person predictive analytic approaches seeking to get “left of boom.” I will review some of my research aiming to inform this ontology and to support the development of more sophisticated, comprehensive, AI-based models for insider threat assessment.