iTnews

Research contradicts Brandis' focus on insider threats

By John Hilvert, iTnews on Sep 3, 2014 10:31AM

Warns against creating an 'oppressive workplace'.

Insider threats represent a minimal risk to organisations and focusing on weeding out rogue employees is likely to result in an oppressive work environment, a leading researcher has warned.

The comments, made yesterday by a research scientist at Carnegie Mellon University, follow the Australian Government's introduction of new mandatory personnel security requirements for Commonwealth agencies to protect against the threat of an Edward Snowden or Bradley (Chelsea) Manning-style breach on Australian soil.

Announcing the new requirements at the Security in Government conference yesterday, Attorney-General George Brandis said a trusted insider was the most likely source of a security breach for an organisation, and government agencies therefore needed to monitor the suitability of personnel on an ongoing basis.

But at the same conference, Bill Claycomb, lead research scientist at the CERT Insider Threat Centre at Carnegie Mellon University, said the actual base rate of malicious insiders in an organisation equated to 0.02 percent of employees.

Focusing on discovering a rogue operator was likely to result in numerous false positives and the introduction of an oppressive work environment, he said.

Additionally, imposing controlling practices on employees to ensure security would not help the organisation retain top talent.

Claycomb warned that there was a fine line between employees feeling constantly watched and the need to monitor staff behaviour to detect illegal insider activity.

Similarly, the high number of false positives reported in such a regime - due to the discovery of inadvertent or non-malicious incidents - could taint an insider threat prevention program.

Claycomb suggested that, rather than constantly monitoring employees, organisations work to identify certain personality traits that are associated with a callous-manipulative interpersonal style and that fit many rogue insiders - specifically narcissism, Machiavellianism and psychopathy.

He said tools such as the Linguistic Inquiry and Word Count text analysis software program could help determine which employees use different categories of words associated with certain personality traits.
