Identifying and preventing organizational behaviors conducive to insider threat: The critical role of positive incentives

February 19, 2018

12:00 p.m. - 1:00 p.m.

DEC, CIC 1201

This event is part of the CyLab Distinguished Seminar Series. 

Andrew P. Moore
Lead Researcher at CERT National Insider Threat Center, SEI


A common approach to formulating an insider threat defense is to look at previous insider compromises to identify insider behaviors the organization needs to watch for and avenues of attackwhere the organization was vulnerable. Less common is to ask how the organization’s workforce management practices may create a situation that is conducive to the threat. This is not to imply the organization is at fault in insider compromise – most insider threat cases are violations of law or agreements with the organization that are prosecutable in court. Nevertheless, organizations may reduce the frequency of insider misbehavior and its associated costs by instituting practices that reduce insider disgruntlement. Our research focuses on a special class of such practices that we call positive incentives. Without properly dealing with the context in which insider threats occur, insider misbehaviors may simply be repeated as a natural response to existing counterproductive practices. This talk will provide evidence of the importance of analyzing organizational behaviors as part of a balanced approach to reduce insider threat.


Andrew Moore is the lead researcher in the CERT Division’s National Insider Threat Center of the Software Engineering Institute. Andy works with teams across the SEI applying modeling and simulation techniques to cyber security, and system and software engineering problems. He has over 30 years of experience developing and applying mission-critical system analysis methods and tools, leading to the transfer of critical technology to both industry and the government. Before joining the Software Engineering Institute/CERT in 2000, Andy worked for the U.S. Naval Research Laboratory developing, analyzing, and applying high-assurance system development methods for the Navy. He has published a book, two book chapters, a special journal issue on insider threat modeling and simulation, and a wide variety of technical journal and conference papers. Andy has a Master’s degree in Computer Science from Duke University, a Bachelor’s degree in Mathematics and Computer Science from the College of Wooster, and a Graduate Certificate in System Dynamics Modeling and Simulation from Worcester Polytechnic Institute.

Upcoming Events