A Preliminary Model of Insider Theft of Intellectual
Property
Andrew P. Moore1, Dawn M. Cappelli1,
Thomas C. Caron2, Eric Shaw3, Derrick Spooner1
and Randall F. Trzeciak1
1CERT Program
Software Engineering Institute
4555 Fifth Avenue
Pittsburgh, PA 15213
{apm, dmc,
dspooner, rft}@cert.org
2Deloitte Consulting
Boston, MA
tcaron@gmail.com
3Consulting and
Clinical Psychology, Ltd.
Suite 514
5225 Connecticut Ave., NW
Washington, DC 20015
eshaw@msn.com
Abstract
A study conducted by the CERT Program at Carnegie Mellon
University¡¯s Software Engineering Institute
analyzed hundreds of insider cyber crimes across U.S. critical infrastructure
sectors.
Follow-up work involved detailed group modeling and
analysis of 48 cases of insider theft of intellectual property.
In the context of this paper, insider theft of intellectual property includes
incidents
in which the insider¡¯s primary goal is stealing confidential or proprietary
information from the organization.
This paper describes general observations about and a preliminary system
dynamics model of this class of insider crime
based on our empirical data. This work generates empirically-based hypotheses for
validation and
a basis for identifying mitigating measures in future work.
Keywords: information security, insider threat, theft of intellectual
property,
modeling, system dynamics, theft of information
Journal of Wireless Mobile Networks, Ubiquitous
Computing, and Dependable Applications (JoWUA),
Vol. 2, No. 1, pp. 28-49, June 2011 [pdf]