Modeling and Simulation
The CERT Division's MERIT team of technical experts and psychologists uses system dynamics to
- model and analyze the dynamic nature of the insider threat problem
- simulate and graph behavior over time
- produce educational materials based on the models developed
The team focused initially on modeling insider IT sabotage.
The MERIT project led to two additional areas of work:
- Using system dynamics modeling to investigate the similarities and differences between insider IT sabotage and espionage cases to assess the feasibility of developing a single analytical framework based on system dynamics modeling.
- Developing MERIT Interactive, an innovative training mechanism for insider threat that enables virtual interactive simulation of the MERIT model.
More About Modeling and Simulation
To learn more about insider threat modeling and simulation, review these papers on related topics:
The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures
This paper describes seven general observations about insider IT sabotage based on the authors' empirical data and study findings.
Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System Sabotage
This paper describes the MERIT insider threat model and simulation results.
Preliminary System Dynamics Maps of the Insider Cyber-threat Problem
This paper discusses the preliminary system dynamic maps of the insider cyber threat and describes the main ideas behind the research proposal.
Analyzing the Threat Dynamics of Complex Networked Systems
This Carnegie Mellon Cylab web page describes research of methods and tools to help model and analyze an organization's threat dynamics and to improve the organization's security and survivability in light of those dynamics.
Simulating Insider Cyber-Threat Risks: A Model-Based Case and a Case-Based Model
This paper reports on work to identify organizational actions that may inadvertently lead to increased vulnerability to threats from trusted employees, former employees, current or former contractors, and clients.
Combating the Insider Cyber Threat
This IEEE paper describes why organizations must implement effective training to raise staff awareness about insider threats and the need for organizations to adopt a more effective approach to identifying potential risks and then taking proactive steps to mitigate them.
Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model
This paper describes general observations about, and a preliminary system dynamics model of, insider crime based on our empirical data.