
PRACTICAL CYBERSECURITY CONTROLS FOR COUNTERING THE INSIDER THREAT: A QUALITATIVE DELPHI STUDY

by

Senica M. Woodruff, Sr.

VU TRAN, EdD, Faculty Mentor and Chair

VANESSA WOOD, EdD, Committee Member

RANDALL VALENTINE, PhD, Committee Member


Todd C. Wilson, PhD, Dean

School of Business and Technology



A Dissertation Presented in Partial Fulfillment

Of the Requirements for the Degree

Doctor of Information Technology

Capella University

April 2020
ProQuest Number: 27956335


Published by ProQuest LLC (2020). Copyright of the Dissertation is held by the Author.

All Rights Reserved.


© Senica M. Woodruff, Sr., 2020

Abstract

This qualitative Delphi study examined the perspectives of cybersecurity and information technology experts to build consensus and develop a proactive model for defending the corporate infrastructure from the insider threat and protecting intellectual property and proprietary data. The study is responsive to the growing threat of insider threat technology, which creates a significant business technology problem. A panel of 16 cybersecurity and IT experts, each of whom has achieved a CISSP certification, currently holds an ISSO/ISSM position, and has more than 10 years of cybersecurity and/or IT experience, was assembled for this study. Experts were interviewed in multiple iterative rounds until consensus and data saturation were achieved. Experts reached consensus on four themes: the definition of the term insider threat; third-party software that can be used to identify, mitigate, and prevent insider threat; security controls that can be used to identify, mitigate, and prevent insider threat; and the most common security controls implemented on the corporate infrastructure. From these themes, the insider threat model for proactive cybersecurity defense against intentional and unintentional threats was developed. The insider threat model focuses on four simple cyber strategies: implementing security controls; implementing third-party insider threat software; an insider threat program and training for employees, implementing cybersecurity policies and procedures, and increasing funding for cybersecurity for the ever-expanding threat.


Dedication

I dedicate the research to my two sons, Senica Jr. and Khalil Woodruff. One of my motivations to pursue a doctorate was to show my sons, who are attending Arizona State University and San Diego State University, that it can be done. If your old dad can do it, you can too.

Acknowledgments

I would like to acknowledge the staff at Capella, specifically Dr. Vu Tran. Dr. Vu spent numerous hours dragging me kicking and screaming through the dissertation process by tirelessly reviewing and providing suggestions on ways to improve my dissertation. Dr. Vu met with me weekly even after he was injured and on painkillers after being rear-ended in a car accident. That is the definition of dedication to your students. Thank you, Dr. Vu.

Table of Contents

Acknowledgments

CHAPTER 1. INTRODUCTION
Introduction
Background of the Study
Business Technical Problem
Research Purpose
Research Question
Rationale
Theoretical Framework
Significance of the Study
Definition of Terms
Assumptions and Limitations
Organization for Remainder of Study
Summary

CHAPTER 2. LITERATURE REVIEW
Introduction
Insider Threat
Characteristics of Insider Threats
Psychological Indicators
Motivations Behind the Insider Threat
Attack Vectors
Impacts of Insider Threats
Risk Management Framework (RMF)
Insider Threat Detection
Elevation of Privileges
Host Based Security System (HBSS)
Intrusion Detection System (IDS)
Intrusion Prevention System (IPS)
Abnormality Detection
Encryption
Compartmentalization of Data
Insider Threat Deterrence, Detection, Prevention, and Training
Insider Threat Conferences
Consequences because of the Insider Threat
Technology Adoption Theory (TAM)
Summary

CHAPTER 3. METHODOLOGY
Introduction
Research Design and Methodology
Participants
Analysis of Research Questions
Credibility and Dependability
Data Collection
Data Analysis
Ethical Considerations

CHAPTER 4. RESULTS
Introduction
Modifications and Enhancements to the Data Collection Planned Process
Data Collection Results
Data Analysis and Results
Summary

CHAPTER 5. DISCUSSION, IMPLICATIONS, RECOMMENDATIONS
Introduction
Evaluation of Research Questions
Fulfillment of Research Purpose
Contribution to Business Technical Problem
Recommendations for Further Research
Conclusions

References
List of Tables

Table 1. Description of Participants

Table 2. Participant Definitions of Insider Threat
CHAPTER 1. INTRODUCTION

Introduction

The 2018 Cybersecurity Insider Threat Report found that 90% of organizations feel vulnerable to a threat from insiders (Schulze, 2018). The threats from insiders are frequently regarded as the greatest cybersecurity threat to organizations and the confidentiality, integrity, and availability (CIA) of proprietary corporate data and intellectual property (Boss, Kirsch, Angermeier, Shingler, & Boss, 2009; Holmlund, Mucisko, Lynch, & Freyre, 2011). In one survey of more than 600 selected organizations conducted by Holmlund et al. (2011), insider threats were suspected in 21% of electronic crimes. Of the companies in the survey experiencing security breaches within the last 12 months, 81% reported an increase in insider threat data compromises (Holmlund et al., 2011). The same survey found 46% of the companies reported that insider attacks caused more damage than outsider attacks (Holmlund et al., 2011).

An insider attack is as dangerous to an organization as an external attack by hacktivists, hackers, organized crime, or nation-states (McNerney & Papadopoulos, 2013). One of the major tasks of information technology (IT) and cybersecurity professionals is to detect, mitigate, and prevent insider activities that can lead to potential intellectual proprietary data loss or contamination of the information system (NIST, 2019). An IT and cybersecurity professional’s main purpose is to ensure the CIA of proprietary corporate data across clients, servers, and network devices such as routers, switches, and bridges (Zimba & Chama, 2018). Pursuant to the National Institute of Standards and Technology (NIST, 2018a), the job of these professionals is to protect the organization against unapproved usage of the organization’s data by employees with approved access rights to these data.

Evidence from previous insider breaches demonstrated that the financial cost to organizations because of insider threats is high. According to an article by Gogan (2017), 53% of companies report estimated remediation costs of $100,000 and more, with 12% estimating a cost of more than $1 million. In a separate report, within the last seven years, the cost of the insider threat has increased to $206,000 per insider incident (Kohen, 2017). In a 2016 study from the Ponemon Institute covering 874 incidents reported by companies for the 2016 Cost of Data Breach Study, 568 incidents were caused by a company employee or subcontractor security failure, 85 incidents were caused by the adversary using stolen company credentials, and 191 incidents were caused by insider threats and cyber criminals (Ponemon Institute, 2016). Based on Kohen’s estimation, 191 incidents of insider threat would cost $40 million for a company. Throughout the course of a year, the cost of an insider threat incident averaged $4.3 million per company. Kohen (2017) found large companies spending the most to resolve an insider incident at $7.8 million. To combat this $460 billion problem (Klara, 2017), commercial and Department of Defense (DoD) contractors have invested significant capital into insider threat studies, security governance development, and security awareness training.


According to Marrow (2017), the 2017 federal fiscal budget for information security was $19 billion and a single cybersecurity contract cost up to $1 billion. Marrow (2017) also found these contracts were awarded to federal contractors so that the contractor could build custom cyber solutions for specific agencies. According to GovWin (2017), $2.891 billion was spent in 2017 on insider threat protection efforts and solutions. This was a budget increase from $2.281 billion in 2015 and $2.448 billion in 2016.

This study investigated the most common security controls which can be used for, or in conjunction with, advanced detection, tracking, mitigation, and prevention of the insider threat within the information system. Specifically, using the qualitative Delphi to conduct a group interview, this study documented which commonly implemented security control measures were installed and configured on the infrastructure. This study included the use of commercial off-the-shelf security software to safeguard an organization’s information systems from the insider threat.

Chapter 1 explained the background and the business technical problem, and identified the research purpose and research question. Chapter 1 also included the assumptions, limitations, and definitions. Chapter 1 concluded with a discussion of the theoretical concepts behind the study.

Background of the Study
Recent high-profile data compromises within the defense and commercial sectors have brought public awareness to the issue of insider threat. Within the defense sector, high-profile leaks such as the one committed by former National Security Agency contractor Edward Snowden demonstrated that, despite years of efforts invested in protecting military assets, the efforts to defend against insider threat within the military sector remain insufficient (Richman, 2017). Multiple high-profile incidents of theft of sensitive data within the commercial sector have forced commercial companies to acknowledge the risks insiders can pose to their proprietary data and intellectual property, as well as the personally identifiable data of their customers (Armerding, 2018). According to Bailey, Kolo, Rajagopalan, and Ware (2018), attacks by insiders represented 50% of data breaches reported. Preventing attacks by an insider or privileged company employees, contractors, or vendors has become a high priority in organizations across the defense and commercial sectors.

Research by Giandomenico and de Groot (2018) found the threats to a company’s IT infrastructure and proprietary data that originate from insiders are more difficult to prevent and detect using the traditional one-size-fits-all security methodology. The security methodology must be customized to fit the nature of the threat. According to Balakrishnan (2015), the approach to mitigating insider threat should have a structured program. These methods include senior management support addressed by policies, procedures, and technical controls. The NIST 53v4 specification has provided a list of security measures that organizations can adopt and customize to fit their needs. Additionally, the specification identifies the need for integrating these security measures across the information systems, the business processes, and the organization to ensure implementation of a consistent information security strategy that meets the security needs of, and is aligned with, the business strategy of the organization (NIST, 2018a).

In the corporate infrastructure environment, insider threats can pose a significant challenge to data access management. Data access privilege should be limited to authorized employees, protected against illegal access from unauthorized employees, and removed from former employees. Management of data access privilege consists of deploying a set of custom security measures designed to prevent, detect, and recover from illegal access. According to a study conducted by Rouse (2018), many companies do not have adequate user auditing policies and procedures to properly monitor employees’ behaviors when using company-owned information systems and accessing proprietary data. The same study also found that many organizations do not have adequate insider threat programs, security compliance policies with established most common security practices, employee training, security spyware scanning, and account auditing of any form.

The phenomenon of insider threat has affected every aspect of the defense and commercial sectors as well (Bailey et al., 2018; Richman, 2017). Insider attacks have significantly impacted national defense, infrastructure, and human safety (Rose, 2016). According to Gogan (2017), remediation of an insider attack costs an organization more than $100,000 on average and more than $1 million in the extreme cases. The same research found that 74% of participating companies classified themselves as vulnerable to insider threats, with 7% classified as extremely vulnerable. Yet, according to Rose (2016), although 55% of reported cyber-attacks were conducted by insiders, organizations continue to invest more heavily in traditional network defenses against outsiders.

Business Technical Problem
Despite the recommendations provided by NIST and SEI, there are no clear data on how organizations are implementing the specific security recommendations to prevent or mitigate the insider threat. Research by Almehmadi and El-Khatib (2017) found current access control models, including discretionary access control (DAC) and non-discretionary access control, fail to detect and prevent insider threats. CERT (2016) found the problem of improper infrastructure configuration to combat insider theft of intellectual property, sabotage, fraud, and espionage remains a serious challenge for organizations, including commercial companies and military contractors. The specific problem that was addressed in this study is a lack of consensus on the most common security practices currently implemented by companies to deter, prevent, detect, and remediate the threat and impact of the insider attack (Agrafiotis, Erola, Happa, Goldsmith, & Creese, 2016; Claycomb & Nicoll, 2012; Hunker & Probst, 2011).

The insider threat has a direct impact on a company’s revenue. According to Thompson (2017), an insider threat involving intellectual property theft at American Superconductor immediately resulted in the loss of $800 million in revenue. According to Cisco’s (2017) Annual Cybersecurity Report, nearly one-third of businesses that suffered a breach lost more than 20% of their revenue. According to the Ponemon Institute’s (2018) report, the average cost of an insider threat annually is $8.76 million. The insider threat is also hard to detect. According to Keanini (2015), a survey found 61% of the companies could not deter insider attacks, and 59% admitted the organization was unable to even detect an insider threat. This is because of a lack of common security controls monitored to defend against the insider threat. According to Cappelli, Moore, and Trzeciak (2012), the impacts of insider theft of intellectual property can be devastating to a company. Trade secrets worth hundreds of millions of dollars have been lost to foreign countries, and competing products have been brought to market by former employees and contractors. The authors also found invaluable proprietary and confidential information has been stolen by insider threats and given to competitors. Cappelli et al. (2012) also found more than half of IP theft cases involved company trade secrets.

There are numerous studies dedicated to the phenomenon of insider threat. A prevalent issue raised that has not received significant attention is the lack of documented real-world information on how to combat insider threat (Agrafiotis et al., 2016; Claycomb & Nicoll, 2012; Hunker & Probst, 2011). While security standards such as NIST clearly define what an insider threat is, many studies continue to use different definitions that fit the specific needs of their study (Blackwell, 2009; Costa, 2017; Eldardiry et al., 2013; Hunker & Probst, 2011; Sanzgiri & Dasgupta, 2016). It is not clear if there is an agreement on the definition of the term insider threat in organizations. Furthermore, several studies reported a lack of information on the characteristics of, and motivation associated with, potentially harmful insiders (Bradley, Chambers, Davenport, & Saner, 2017; Siber, 2018; Stolfo et al., 2008). Additional studies concluded that it is unclear which security controls are frequently adopted by organizations to counter insider threats (Costa, 2017; Dtex Systems, 2018).

By interviewing industrial experts, this study addressed the problem of the lack of real-world information on the most common security practices frequently adopted by organizations to counter insider threats. Specifically, this study investigated how organization experts define insider threat, which security controls are commonly implemented in organizations, and which third-party security technologies are often adopted to support implementation of these security controls. The collected data gave cybersecurity practitioners a solid foundation to identify and mitigate the insider threat.

Research Purpose
The purpose of this qualitative Delphi research was to leverage practicing IT and cybersecurity experts to facilitate the identification and gathering of a set of commonly used security control implementations against insider threat. Each expert originated from an organization with his or her own set of experiences dealing with the insider threat problem. Through the Delphi process of consensus building, this study sought to identify a list of commonly practiced security measures that today’s organizations have implemented to combat the threat of insider attack. To find the answer to this question, this study focused on three related aspects: (a) how industrial experts define insider threat, (b) what security controls companies frequently implement, and (c) which off-the-shelf security technologies companies often adopt.

The importance of this scholarly study is to provide the interested researcher an understanding of the practice of mitigating and preventing insider threat. This scholarly research gives the research community additional information on the state of the practice of insider threat prevention and mitigation. As raised by Balakrishnan (2015), documented information regarding the current state of the practice of insider threat management continues to be limited. The findings of this study complemented the published security control practice recommendations provided by NIST (2013a) by focusing on how many of these recommendations are adopted in practice. This study identified current practices that may not be aligned with those proposed by NIST.

The importance of this scholarly research for a security practitioner was to provide a summary of the common insider threat practices adopted by organizations and the challenges or issues, if any, associated with the implementation of each practice. Once properly selected and implemented, the security practices can serve as a deterrent and provide the company infrastructure a forensic capability to track potential insiders. This forensic capability is in accordance with an insider threat program (NIST, 2019).


Research Question

The primary research question for this study was as follows: Which recommended security control practices are most often adopted in countering the threat of the insider, either malicious or naïve, among company IT organizations?

The purpose of this research question was to explore which commonly implemented security measures are most often implemented and/or are considered most effective in combating the threat of an insider attack, according to a panel of information security experts. The list of security controls recommended by NIST (2013a) was used as the starting point of this panel interview (Blackwell, 2009; Costa, 2017; Eldardiry et al., 2013; Hunker & Probst, 2011). The NIST security controls were used as a reference for developing the responses to the interview questions.

Rationale

The cost of a cybersecurity breach involving employees or others within an organization varies across organizations. The cost of an insider threat incident has ranged from $206,000 (Kohen, 2017) to $8.7 million per incident (Ponemon Institute, 2018) depending on the size of the organization, the scope of the security incident, and the incident handling. The creation of a model that consists of scholarly and practitioner data on NIST security controls and most common security practices is invaluable to IT and cybersecurity professionals fighting the battle of defending the corporate infrastructure against the insider threat.

Research conducted by Hunker and Probst (2011) found there is insufficient real-world data about the insider threat, and there is a significant gap in the existing body of knowledge on this critical security vulnerability. The insider threat is one of the most serious security issues for companies. This threat has the potential to cause damage to an organization’s data, information system, and infrastructure, and the loss of proprietary data and intellectual property. This study identified security controls and most common practices that can be used to protect proprietary corporate data from theft.


Companies use information technology devices and infrastructure to develop product requirements, create product models, and create products to sell domestically and globally. This product development life cycle costs millions of dollars and provides the company a competitive advantage in its industry by producing either new products not currently on the market or products that have better quality and technology options (Kambanou & Lindahl, 2016). This is a critical financial reason for companies to implement cybersecurity controls and associated techniques.

The outcome of the study provided the most common security practices from cybersecurity professionals which, if applied, aid in the security of the corporate infrastructure using commonly implemented security measures. As a company implements strategies to mitigate insider threat, defense-in-depth, documentation, and training help ensure there are fewer threat vectors for cyber-attack and provide employees a better understanding of the security policies and procedures. The literature review and research conducted in this study contribute to a better understanding of how insider threat affects companies around the world. The next section relates to theories of preventing or mitigating the insider threat: defense-in-depth and risk management. These two principles are important when developing a corporate strategy for cybersecurity.
Theoretical Framework

The goal of this qualitative research was to examine which commonly implemented security measures should be selected and implemented specifically to mitigate and prevent the insider threat. Once security controls and security software have been selected and implemented, the company’s infrastructure has the capability to defend itself from the insider threat and forensically track users’ actions on their company-issued electronic devices (NIST, 2019). This capability for an information system is critical for mitigating or preventing the insider threat.

The theoretical framework implemented for this study was the technology adoption theory (TAM). Created by Fred Davis, TAM adapted the theories of reasoned action and planned behavior. According to Taherdoost (2017), technology adoption theory, a technology acceptance model (TAM), is used as an information systems theory that was created to model how users come to accept and use a technology. Taherdoost (2017) found the common question of practitioners and researchers is why companies or people accept new technologies. Answering this question provides companies the tools to implement methods for designing, evaluating, and predicting the response of the users to the new technologies. According to a corroborating article by Marangunic and Granic (2014), TAM has taken a leading role in explaining users’ behavior toward technology. Marangunic and Granic (2014) found that without understanding the origins, development, modifications, and limitations of the model, there can be no comprehensive and methodical research in the field.

Taherdoost’s (2017) research found TAM is one of the most widely cited models in technology acceptance. During the past decades, TAM received substantial 974 empirical support. TAM explains the adoption motivation of users by three factors: perceived usefulness, perceived ease of use, and the users’ attitude toward the technology’s use (Taherdoost, 2017). TAM’s two primary theories of perceived usefulness and ease of use have considerable impact on the attitude of the user. These theories can be used to determine the positive or negative attitude toward the new system. Other factors, known as external variables, including user training, system characteristics, user participation in design, and the nature of the implementation process, are also considered in the TAM model.
From the perspective of the TAM model, adoption of information security controls in practice is typically based on key factors such as perceived usefulness and perceived ease-of-use of these recommended controls. The most common practices are not necessarily the best practices (based on NIST). As a result, this exploratory study using a qualitative method sought to develop a consensus from a panel of information security experts on a set of commonly implemented security controls in practice.

Significance of the Study

The rationale and justification for the present study underlined the significance of the

study to scholar-practitioners, the research community, IT, cybersecurity professionals, and

academia. The significance of the study is to help advance the body of knowledge in research

and practices of insider threat management by providing IT and cybersecurity professionals a list

of commonly implemented security controls that help the infrastructure to defend against the

insider threat. As a result, the study provided the most common security practices to counter an

insider threat in organizations and protect company proprietary data and intellectual property.

The study provided the key applications adopted by organizations to counter insider threats. As

an organization proactively moves to mitigate insider threat, a solid security infrastructure and

system documentation help to ensure small attack vectors for cyber-attack.

This study provided the most common security practices from cybersecurity

professionals that, if applied, will aid in the security of the infrastructure. As a company’s

cybersecurity professionals implement strategies to mitigate insider threat, defense-in-depth and

documentation will help ensure a smaller information system attack surface, better understanding

of the security policies and procedures by employees, and an understanding of how the adversary

is attacking the company.

This study expanded on the literature and body of knowledge on information security and

facilitated a company’s ability to identify individuals who display characteristics of insider

threat. The study defined the term insider threat, provided the company with security controls

and most common security practices to detect, mitigate, and ultimately prevent the loss of

company proprietary data (Balakrishnan, 2015) and intellectual property. Additionally, this study

is of great significance to organizations and has the potential to provide corporate leaders insight

on the adoption of security controls, security processes, and procedures that are critical to

protecting the corporate infrastructure (NIST, 2013).

Definition of Terms

Access Controls: Access controls is a process of providing access to information

technology system resources only to authorized users (NIST, 2018c).

Audit: An audit is the independent review of information system logs and user activities

to assess the effectiveness of implemented security controls and ensure compliance

with implemented security policies and procedures (NIST, 2018d).

Behavior: Behavior is a manner of behaving or acting (Dictionary, 2019a).

Characteristics: A characteristic is a feature or quality belonging typically to a person,
place, or thing and serving to identify it (Dictionary, 2019b).

CISSP: A CISSP is an individual who has obtained a Certified Information Systems

Security Professional certification (ISC2, 2019).

Cybersecurity: Cybersecurity is an organization’s ability to protect or defend the use of


information systems and infrastructure from cyber-attacks from internal and external adversaries

(NIST, 2018e).

Defense in Depth: Defense-in-depth is an information security strategy which integrates

the company’s operations capabilities to create security barriers across multiple security layers

within the organization (NIST, 2018f).

Encryption: Encryption is a process of changing plaintext into cipher text for the purpose

of security or privacy (NIST, 2018g).

Incident Response: Incident Response is the mitigation of violations of security policies

and recommended practices (NIST, 2018h).


Information Assurance: Information Assurance is the security policies, procedures, and

controls that are designed and implemented to protect data and the information system by

protecting their availability, integrity, authentication, confidentiality (CIA), and non-repudiation

(NIST, 2018i).

Insider Threat: An insider is an individual who will use their information system

authorized access to do harm to the information security of the U.S. (NIST, 2018j).

Intrusion Detection System (IDS): An Intrusion Detection System is a software or hardware

product that assists in the intrusion monitoring and analysis process (NIST, 2018k).

Intrusion Prevention System (IPS): An Intrusion Prevention System is a system that

monitors a network for malicious activities such as security threats or policy violations. The IPS
can identify suspicious activity, log information, attempt to block the activity, and report the

activity (NIST, 2018l).


ISSO: An ISSO is an Information System Security Officer (NIST, 2019).

ISSM: An ISSM is an Information System Security Manager (NIST, 2019).


IT Organization: An IT organization (information technology organization) is the

department within a company that is charged with establishing, monitoring and maintaining

information technology systems and services (TechTarget, 2019).

Motivation: Motivation is an act or an instance of motivating, or providing with a reason

to act in a certain way (Dictionary, 2019).

Personally Identifiable Information: Personally Identifiable Information is information

that can be used to distinguish or trace an individual's identity, such as name, social security

number, biometric records, etc. alone, combined with other personal or identifying information


Reproduced with permission of copyright owner. Further reproduction prohibited without permission.
