Modeling and Simulation

The CERT Division's MERIT team of technical experts and psychologists uses system dynamics to

  • model and analyze the dynamic nature of the insider threat problem
  • simulate and graph behavior over time
  • produce educational materials based on the models developed

The team focused initially on modeling insider IT sabotage.

The MERIT project led to two additional areas of work:

More About Modeling and Simulation

To learn more about insider threat modeling and simulation, review these papers on related topics:

The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures
This paper describes seven general observations about insider IT sabotage based on the authors' empirical data and study findings.

Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System Sabotage
This paper describes the MERIT insider threat model and simulation results.

Preliminary System Dynamics Maps of the Insider Cyber-threat Problem
This paper discusses the preliminary system dynamic maps of the insider cyber threat and describes the main ideas behind the research proposal.

Analyzing the Threat Dynamics of Complex Networked Systems
This Carnegie Mellon Cylab web page describes research of methods and tools to help model and analyze an organization's threat dynamics and to improve the organization's security and survivability in light of those dynamics.

Simulating Insider Cyber-Threat Risks: A Model-Based Case and a Case-Based Model
This paper reports on work to identify organizational actions that may inadvertently lead to increased vulnerability to threats from trusted employees, former employees, current or former contractors, and clients.

Combating the Insider Cyber Threat
This IEEE paper describes why organizations must implement effective training to raise staff awareness about insider threats and the need for organizations to adopt a more effective approach to identifying potential risks and then taking proactive steps to mitigate them.

Insider Theft of Intellectual Property for Business Advantage: A Preliminary Model
This paper describes general observations about, and a preliminary system dynamics model of, insider crime based on our empirical data.

Fund MERIT Research

Help fund our work on MERIT Interactive, a training simulator that gives managers practical experience in balancing all the factors that affect an organization's risk of insider threat.

Contact Us