Validating Technical and Psychometric Indicators in Precursor Identification for Malicious Cybersecurity Insider Threat Attack - Delphi 1
Dear Participant,

Insider threats continue to be one of the most challenging threat vectors for organizations to mitigate. The impact of insider threat attacks can range from companies going out of business, loss of intellectual property, millions of dollars, to the detriment of critical infrastructures such as electrical power grids, communications, or travel infrastructures. In many insider threat attacks, perpetrators exhibited observable questionable behavior such as disgruntlement, anger, or unreliability, yet coworkers or supervisors did not report the behavior to upper management or human resources personnel. This research offers a practical method for the identification of questionable user activity through the development of a simulated monitoring system utilizing synthesized user data and behaviors. As such, the main goal of this research study is to investigate how different activities or indicators relate as precursors to an insider threat attack.

Please read all the survey questions carefully and select one answer per row. Filling out the survey will take about 15 to 20 minutes. Participating in this survey is completely voluntary and anonymous. No personal information will be collected and the data collected will be used for the purpose of this research only. Completing the survey indicates your voluntary participation in the study.

The survey instrument will be presented as follows: After this initial introduction, two sections for experts to identify technical and psychometric indicators will be presented, followed by a section for demographic information.

This survey is conducted in affiliation with Nova Southeastern University, including Yair Levy, Ph.D., acting as Primary Investigator, and one of his doctoral students, Angel L. Hueca, acting as Co-Investigator.

If you would like to see a summary of the results, please send an email to ah1676@nova.edu with the subject line "results requested." If you have any questions, please send an email to the above-mentioned email address.

Thank you in advance for your time and assistance. Thank you for taking the time to participate in our research study.

Regards,

Angel L. Hueca

The Following Technical Sources and Logs are IMPORTANT in the Detection of Precursors to Malicious Cybersecurity Insider Threat Activity.
For each of the following indicators provided, please indicate your level of agreement with the LEVEL OF IMPORTANCE of that piece of information in serving as a precursor to malicious cybersecurity insider threat activity. Please respond to the statements with respect to your expert opinion on the subject matter.
System Logs *
1 - Not at all important
2 - Low importance
3 - Slightly important
4 - Somewhat important
5 - Moderately important
6 - Very important
7 - Extremely important
SL1. System activity logs (Administrator)
SL2. Storage Logs
SL3. Endpoint Logs
SL4. Application Logs
SL5. Customized Application Logs
SL6. Authentication Logs
SL7. Physical Security Logs
Network Logs *
1 - Not at all important
2 - Low importance
3 - Slightly important
4 - Somewhat important
5 - Moderately important
6 - Very important
7 - Extremely important
NL1. Email Activity Logs
NL2. Firewall Traffic Logs
NL3. VPN Activity Logs
NL4. Netflow Logs
Technical Communication Logs *
1 - Not at all important
2 - Low importance
3 - Slightly important
4 - Somewhat important
5 - Moderately important
6 - Very important
7 - Extremely important
TL1. HTTP Activity Logs
TL2. Proxy Logs
TL3. DNS Logs
TL4. DHCP Logs
TL5. FTP Logs
TL6. Web Logs
TL7. SQL Logs
Cybersecurity Monitoring and Logging Tools Logs *
1 - Not at all important
2 - Low importance
3 - Slightly important
4 - Somewhat important
5 - Moderately important
6 - Very important
7 - Extremely important
MLT1. Malware Protection Tools (Anti-Virus) Logs
MLT2. Intrusion Detection and Prevention System (IDPS) Logs
MLT3. Data Loss Prevention (DLP) Logs
MLT4. Tools that employ potential malware isolation and investigation (sandbox or virtual execution engines) Logs
MLT5. Other relevant security management appliances or tools
The Following Psychometric indicators are IMPORTANT in the Detection of Precursors to Malicious Cybersecurity Insider Threat Activity.
Meta-analytic evidence has demonstrated that the five-factor structure of personality constructs is consistently predictive of important job-related activities (Barrick & Mount, 1993).

The Big-Five Personality Dimensions are OPENNESS, CONSCIENTIOUSNESS, EXTRAVERSION, AGREEABLENESS, and NEUROTICISM.

For each of the following Psychometric indicators provided, please indicate your level of agreement with the LEVEL OF IMPORTANCE that the indicator has in serving as a precursor to malicious cybersecurity insider threat activity.

For each Psychometric indicator, please select your level of agreement on how an employee scores on a Psychometric indicator and the score's relationship to malicious cybersecurity insider threat activity.

Please respond to the statements with respect to your expert opinion on the subject matter.

Psychometric Indicators *
1 - Not at all important
2 - Low importance
3 - Slightly important
4 - Somewhat important
5 - Moderately important
6 - Very important
7 - Extremely important
PS1. Openness: Personality Traits: Imagination, feelings, actions, ideas
PS1A. Low Score on Openness: The Employee is Practical, Conventional, Prefers Routine, Pragmatic, Data Driven
PS1B. High Score on Openness: The Employee is Curious, Independent, Creative, Receptive
PS2. Conscientiousness: Competence, Self-Discipline, Thoughtfulness, Goal-Driven
PS2A. Low Score on Conscientiousness: The Employee is Impulsive, Careless, Disorganized
PS2B. High Score on Conscientiousness: The Employee is Persistent, Driven, Hardworking, Dependable, Organized
PS3. Extroversion: Sociability, Assertiveness, Emotional Expression
PS3A. Low Score on Extroversion: The Employee is Quiet, Reserved, Withdrawn, Reflective
PS3B. High Score on Extroversion: The Employee is Outgoing, Warm, Seeks Adventure
PS4. Agreeableness: Cooperative, Trustworthy, Good-Natured
PS4A. Low Score on Agreeableness: The Employee is Critical, Uncooperative, Suspicious, Competitive, Challenging
PS4B. High Score on Agreeableness: The Employee is Helpful, Trusting, Empathetic, Cooperative
PS5. Neuroticism: Tendency Towards Unstable Emotions
PS5A. Low Score on Neuroticism: The Employee is Calm, Even-Tempered, Secure
PS5B. High Score on Neuroticism: The Employee is Anxious, Unhappy, Prone to Negative Emotions
Demographics Information
Please provide the following anonymous information about yourself.
D1. The Gender You Identify With *
D2. Age Group *
D3. Your Education Level *
D4. Your Role Within Your Organization *
D5. The Industry You Work In *