A PRIVACY-PRESERVING, CONTEXT-AWARE, INSIDER THREAT PREVENTION AND PREDICTION MODEL (PPCAITPP)

CHAPTER THREE CONCEPTUAL FRAMEWORK

Introduction

This chapter discusses the theories that are integrated into the model presented in this research. The model is adopted to address the limitations of the extant models in mitigating insider threat problems. The approaches are adopted from the disciplines of criminology and computer science, including the Fraud Diamond, situational crime prevention, neutralization mitigation, context-aware systems and privacy-preserving techniques. The chapter discusses these theories as they appear in extant research, together with their applications in the information security domain. It also discusses which specific approaches from these theories this research has adopted to develop the insider threat prediction and prevention model. The theories from the discipline of criminology form the basis for this research, as cybercrimes are crimes after all.

Fraud Diamond

In this section, the concepts of the Fraud Diamond will be discussed including its historical background, elements and its applications to the insider threat problem.

History of the fraud triangle

With an increased application of information technology in different business domains, the number of fraud occurrences has also increased, with the emergence of new techniques for committing fraudulent acts that did not exist before (Mackevičius & Giriūnas, 2013). As a result, fraudsters are always seeking new techniques to commit fraud by analysing any loopholes in both the internal and external environments of organizations. As a consequence of this challenge posed by fraudsters, organizations have been demanding that auditors not only detect fraud that has been committed but also prevent fraud before it occurs. According to Rezaee (2002), researchers and practitioners are advised to work together to identify the causes of fraud being committed, the available techniques with which to commit a crime as well as the techniques to prevent the occurrence of fraud.
To address these challenges, Cressey (1953) conducted a study on blue-collar criminals to identify their reasons for committing their crimes. He found that three conditions needed to be present in order for fraud to occur. These conditions were pressure, opportunity, and rationalization. These findings are represented by the fraud triangle, as shown in Figure 3.1. This model has been used extensively by various researchers and practitioners to analyse fraud.
However, the fraud triangle has also been criticized by some researchers. Kassem and Higson (2012), Anandarajan and Kleinman (2011), and Koerber and Neck (2006) argue that the fraud triangle does not satisfactorily analyse fraud, as it overlooks other factors such as the capability and skills of criminals. According to Mackevičius and Giriūnas (2013), the fraud triangle also does not exhaustively analyse the motives behind the fraud. They argue that the motives differ, based on factors such as gender and the degree to which the environment is favourable for committing a crime. Bressler and Bressler (2007) argue that not all employees who are under pressure have the opportunity to commit a crime and rationalize their criminal activities. The authors underline the fact that there must be another element which has the capability to induce a crime.
Bressler and Bressler (2007) proposed the Fraud Diamond (see Figure 3.2), based on the idea that the fraud triangle is not inclusive of all factors to commit a crime. They argued that criminals do not only require pressure, opportunity, and rationalization but also the capability to commit a crime.
Albrecht, Wernz and Williams (1995) also argue that capability is a very important element, especially in crimes that are planned to be committed on a large scale. They also emphasize that only a person with capability can properly see a gap in an organizational environment, and is able to plan and execute an attack effectively.
The four elements of the Fraud Diamond, which are pressure, opportunity, rationalization, and capability, are discussed next.
1 The ability and pressure elements of the Fraud Diamond are used to detect any insider risk. An opportunity is facilitated as a means to determine whether an insider who is under pressure and has the requisite capability will take advantage of said opportunity. The remove-excuse technique of situational crime prevention is used to remove any rationalizations that an insider may have to commit crime. The opportunity facilitation and rationalization technique is used as a preventative measure.

Pressure

Pressure, also known as motivation, refers to the factors that drive employees to commit a crime. The pressure may be a real financial need such as covering medical costs or paying one’s debt. It may also be related to a perceived need in which the insider has an urgent financial need but thinks that there may be future needs like acquiring materials for future use (Bressler & Bressler, 2007; Anandarajan & Kleinman, 2011; Mackevičius & Giriūnas, 2013). The pressures may not be financial in nature; they may instead be work-related. For instance, an employee may be tempted to commit a crime to cover up faults that have occurred while doing his or her day-to-day activities (Mackevičius & Giriūnas, 2013). In some cases, addiction to drugs and gambling can be motivations for maleficence (Anandarajan & Kleinman, 2011). Pressure also occurs due to dissatisfaction with one’s work environment, such as low wages and lack of promotion (Mackevičius & Giriūnas, 2013).
Mackevičius and Giriūnas (2013) classify pressures, based on their sources, as internal or external. The classification is presented in Figure 3.3.

Opportunity

Opportunity refers to the ability to commit a fraudulent act resulting from favourable possibilities for fraud such as poor security control, management oversight, lack of periodic audits, etcetera (Bressler & Bressler, 2007; Anandarajan & Kleinman, 2011; Mackevičius & Giriūnas, 2013). Usually, criminals weigh the probability of being caught when deciding whether to commit a crime, which is an opportunity factor. Unless organizations establish standard procedures to detect fraud, fraudsters will be encouraged to engage in fraudulent activities. Of the three elements, opportunity is the most tangible one, as organizations can institute processes, policies, and controls to discourage maleficence.
Mackevičius and Giriūnas (2013) have proposed a classification of opportunities that facilitate fraud to occur. They proposed seven groups of opportunities. These are:
1) The qualities of the managers in terms of honesty, capacity, and decision-making
2) The employees of the organization
3) The nature of the organizational structure
4) The financial performance and the productivity level of the organization
5) The activities of the organization as well as the industry in which the organization operates
6) The financial reporting and control systems, including accounting and auditing
7) External conditions, such as government laws and competitors’ performance, that affect the organization
The classification helps management to work on developing procedures and controls that will minimize favourable conditions for fraud. An example of conditions related to the qualities of the managers in terms of honesty, capacity, and decision-making may be having overambitious managers who set unrealistic goals to achieve. For conditions relating to the employees of the organization, lack of team spirit for common goals among employees may be considered as an obstacle. With regard to conditions related to the nature of the organizational structure, if there is no clear responsibility and limits for insiders it may lead to insider threat risk.
An example of conditions related to the financial performance and the productivity of the organization is contracted agreements with liabilities without assessing the capacity of the organization. With respect to conditions related to the activities of the organization as well as the industry in which the organization operates, making payments in cash for large portions of sales or purchases may be problematic. For conditions related to the financial reporting and control system, including accounting and auditing, an example could be the accounting procedures that are too complex, which makes it difficult for the organization to control these procedures. With regard to external conditions, changes in the labour market of the industry in which the organization operates may be another factor.

Rationalization

According to the Fraud Diamond, insiders need to justify to themselves their criminal actions to avoid guilt (Bressler & Bressler, 2007). For instance, an employee who thinks he/she is working hard and misses a promotion may say, “I deserve to commit fraud as revenge for not getting that promotion” when the employee justifies his or her fraudulent activities.
The following are common rationalizations that employees use to commit fraud (Mackevičius and Giriūnas, 2013):
• The fraudster justifies that he/she is committing the crime for the sake of saving a family member or loved one.
• The employee may be convinced that unless he/she commits the crime, he/she may lose the job, family, properties and so on.
• The fraudster may be frustrated and think there is no way out except committing the fraud.
• The employee may have huge debts and think that he/she should steal money to repay the debt.
• The fraudster may be dissatisfied with his/her employer due to factors such as low pay, lack of promotion and the like, and may thus justify his/her criminal activities as legitimate and rational.
Sykes and Matza (1957) suggest five techniques that organizations can use to remove any excuse/rationalization for their criminal actions. These techniques are denial of responsibility, denial of injury, denial of the victim, condemnation of the condemners, and appeal to higher loyalties. Klockars (1974) and Minor (1981) include two more techniques, namely “the metaphor of the ledger” and “the defence of necessity”, in addition to the five techniques proposed by Sykes and Matza (1957). Siponen and Vance (2010) have investigated the techniques suggested by Sykes and Matza (1957) and recommend that all of the techniques except the denial of the victim be implemented for information systems security solutions. They have also suggested that the metaphor of the ledger and defence of necessity should be used as neutralization techniques in information systems security.
This research adopts the six techniques that have been proposed by Siponen and Vance (2013) for the information security domain. These techniques are discussed below.

Denial of responsibility

This technique refers to the justification by which insiders avoid taking responsibility for their criminal actions. In most cases, the claim is that the information security policy is vague or that there is a problem with the information system itself (Rogers & Buffalo, 1974; Sykes & Matza, 1957).

Denial of injury

In this case, the perpetrators justify their criminal action by saying it will not harm anyone to remove any excuse for a crime (Siponen & Vance, 2010; Sykes & Matza, 1957).

Defence of necessity

In this rationalization technique, insiders justify that there was no other option other than committing the crime. They usually provide a reason such as “I needed to cover medical costs for my son” (Piquero, Tibbetts & Blankenship, 2005).

Condemnation of the condemners

In this technique, the fraudsters will put the blame on others to justify their criminal activities (Byers, Crider & Biggers, 1999); for instance, they may say, “My boss has denied me a promotion and he is the one to be blamed for my criminal act.”

CHAPTER ONE  INTRODUCTION
1.1 Background
1.2 Definition of key terms
1.3 Problem statement and purpose of this study
1.4 Research questions
1.5 Research objectives
1.6 Significance of the study
1.7 Scope of the study
1.8 Research design and methodology
1.9 Structure of the thesis
1.10 Conclusion
CHAPTER TWO THE INSIDER THREAT PROBLEM
2.1 Introduction
2.2 Insider Threat
2.3 Extant Insider Threat Prevention and Prediction Models
2.4 Chapter summary
CHAPTER THREE CONCEPTUAL FRAMEWORK
3.1 Introduction
3.2 Fraud Diamond
3.3 Situational crime prevention (SCP)
3.4 Context-aware systems
3.5 Privacy-preserving techniques
3.6 Chapter summary
CHAPTER FOUR Methodology
4.1 Introduction
4.2 Research paradigm
4.4 Research methodology validation
4.5 Sampling
4.6 Validity and reliability
4.7 Data collection methods
4.8 Data analysis
4.9 Research ethics
4.10 Chapter summary
CHAPTER FIVE  A PRIVACY-PRESERVING, CONTEXT-AWARE, INSIDER THREAT PREVENTION AND PREDICTION MODEL (PPCAITPP)
5.1 Introduction
5.2 Derivation of the model
5.3 The model
5.4 Comparison to similar models
5.5 Chapter summary
CHAPTER SIX EVALUATION: CYCLE I
6.1 Introduction
6.2 Prototype – Asset management system
6.3 Data analysis
6.4 Discussion of the findings
6.5 Validity
6.6 Chapter summary
CHAPTER SEVEN EVALUATION: CYCLE II
7.1 Introduction
7.2 Refined model
7.3 Revised prototype
7.4 Data analysis
7.5 Discussion of findings
7.6 Validity
7.7 Chapter summary
CHAPTER EIGHT CONCLUSIONS, IMPLICATIONS AND FUTURE RESEARCH