|Title||Sorting Insiders from Co-workers: Remote synchronous computer-mediated triage for investigating insider attacks|
|Authors||Dando, C.J., Taylor, P.J., Menacere, M., Ormerod, T.C., Ball, L.J. and Sandham, A.L.|
Objective: Develop and investigate the potential of a remote, computer mediated and synchronous text-based triage, which we refer to as InSort, for quickly highlighting persons of interest after an insider attack.
Background: Insiders maliciously exploit legitimate access to impair the confidentiality and integrity of organizations. The globalisation of organisations and advancement of information technology means employees are often dispersed across national and international sites, working around the clock, often remotely. Hence, investigating insider attacks is challenging. However, the cognitive demands associated with masking insider activity offer opportunities. Drawing on cognitive approaches to deception and understanding of deception-conveying features in textual responses we developed InSort, a remote computer mediated triage.
Method: During a 6-hour immersive simulation, participants worked in teams, examining password protected, security sensitive databases and exchanging information during an organized crime investigation. Twenty-five percent were covertly incentivized to act as an ‘insider’ by providing information to a provocateur.
Results: Responses to InSort questioning revealed insiders took longer to answer investigation relevant questions, provided impoverished responses, and their answers were less consistent with known evidence about their behaviors than co-workers.
Conclusion: Findings demonstrate InSort has potential to expedite information gathering and investigative processes following an insider attack.
|Keywords||Insiders, computer-mediated communication, deception, Triage|
|Journal||Human Factors: The Journal of the Human Factors and Ergonomics Society|
CC BY 4.0
File Access Level
Open (open metadata and files)
|Digital Object Identifier (DOI)||https://doi.org/10.1177/00187208211068292|
|Web address (URL)||https://doi.org/10.1177/00187208211068292|
|Published online||07 Mar 2022|
|Funder||UK Government Dept or Agency|