Martinez-Moyano, I. J., Rich, E., Conrad, S., Andersen, D. F., and Stewart, T. R. 2008. A behavioral
theory of insider-threat risks: A system dynamics approach. ACM Trans. Model. Comput.
Simul. 18, 2, Article 7 (April 2008)
The authors describe a behavioral theory of the dynamics of insider-threat risks. Drawing on data
related to information technology security violations and on a case study created to explain the
dynamics observed in that data, the authors constructed a system dynamics model of a theory
of the development of insider-threat risks and conducted numerical simulations to explore the parameter and response spaces of the model. By examining several scenarios in which attention
to events, increased judging capabilities, better information, and training activities are simulated,
the authors theorize about why information technology security effectiveness changes over time.
The simulation results argue against the common presumption that increased security comes at
the cost of reduced production.
Categories and Subject Descriptors: I.6.3 [Simulation and Modeling]: Applications; I.6.0
[Simulation and Modeling]: General
General Terms: Theory, Security
Additional Key Words and Phrases: Insider threat, risk system dynamics, modeling, behavioral
theory, signal detection theory, judgment and decision making, policy analysis, security modeling