A Preliminary Model of Insider Theft of Intellectual Property

 

Andrew P. Moore1, Dawn M. Cappelli1, Thomas C. Caron2, Eric Shaw3, Derrick Spooner1
and Randall F. Trzeciak1

 

1CERT Program

Software Engineering Institute

4555 Fifth Avenue

Pittsburgh, PA 15213
{apm, dmc, dspooner, rft}@cert.org

 

2Deloitte Consulting

Boston, MA

tcaron@gmail.com

 

3Consulting and Clinical Psychology, Ltd.

Suite 514

5225 Connecticut Ave., NW

Washington, DC 20015

eshaw@msn.com

 

Abstract

 

A study conducted by the CERT Program at Carnegie Mellon University¡¯s Software Engineering Institute
analyzed hundreds of insider cyber crimes across U.S. critical infrastructure sectors.

Follow-up work involved detailed group modeling and analysis of 48 cases of insider theft of intellectual property.
In the context of this paper, insider theft of intellectual property includes incidents
in which the insider¡¯s primary goal is stealing confidential or proprietary information from the organization.
This paper describes general observations about and a preliminary system dynamics model of this class of insider crime
based on our empirical data. This work generates empirically-based hypotheses for validation and
a basis for identifying mitigating measures in future work.

 

Keywords: information security, insider threat, theft of intellectual property,
modeling, system dynamics, theft of information

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA),

Vol. 2, No. 1, pp. 28-49, June 2011 [pdf]