Martinez-Moyano, I. J., Rich, E., Conrad, S., Andersen, D. F., and Stewart, T. R. 2008. A behavioral theory of insider-threat risks: A system dynamics approach. ACM Trans. Model. Comput. Simul. 18, 2, Article 7 (April 2008)

The authors describe a behavioral theory of the dynamics of insider-threat risks. Drawing on data related to information technology security violations and on a case study created to explain the dynamics observed in that data, the authors constructed a system dynamics model of a theory
of the development of insider-threat risks and conducted numerical simulations to explore the parameter and response spaces of the model. By examining several scenarios in which attention to events, increased judging capabilities, better information, and training activities are simulated,
the authors theorize about why information technology security effectiveness changes over time. The simulation results argue against the common presumption that increased security comes at the cost of reduced production.

Categories and Subject Descriptors: I.6.3 [Simulation and Modeling]: Applications; I.6.0 [Simulation and Modeling]: General
General Terms: Theory, Security Additional Key Words and Phrases: Insider threat, risk system dynamics, modeling, behavioral theory, signal detection theory, judgment and decision making, policy analysis, security modeling