{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T10:05:20Z","timestamp":1776852320451,"version":"3.51.2"},"publisher-location":"Boston, MA","reference-count":39,"publisher":"Springer US","isbn-type":[{"value":"9781441971326","type":"print"},{"value":"9781441971333","type":"electronic"}],"license":[{"start":{"date-parts":[[2010,1,1]],"date-time":"2010-01-01T00:00:00Z","timestamp":1262304000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2010,1,1]],"date-time":"2010-01-01T00:00:00Z","timestamp":1262304000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-1-4419-7133-3_6","type":"book-chapter","created":{"date-parts":[[2010,7,27]],"date-time":"2010-07-27T18:09:37Z","timestamp":1280254177000},"page":"115-137","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["A Risk Management Approach to the \u201cInsider Threat\u201d"],"prefix":"10.1007","author":[{"given":"Matt","family":"Bishop","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sophie","family":"Engle","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Deborah A.","family":"Frincke","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Carrie","family":"Gates","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Frank L.","family":"Greitzer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sean","family":"Peisert","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sean","family":"Whalen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2010,7,28]]},"reference":[{"key":"6_CR1","unstructured":"Accelerated learning through serious game technology (2008). URL http:\/\/www.dodsbir.net\/sitis\/archives_display_topic.asp?Bookmark =34520 SBIR OSD08-CR8: Human Systems"},{"key":"6_CR2","unstructured":"Band, S.R., Cappelli, D.M., Fischer, L.F., Moore, A.P., Shaw, E.D., Trzeciak, R.F.: Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis. Tech. Rep. CMU\/SEI-2006-TR-026, Carnegie Mellon University Software Engineering Institute (2006)"},{"key":"6_CR3","volume-title":"Secure Computer System: Unified Exposition and Multics Interpretation","author":"D.E. Bell","year":"1975","unstructured":"Bell, D.E., LaPadula, L.J.: Secure Computer System: Unified Exposition and Multics Interpretation. Tech. Rep. EST-TR-75-306, Electronic Systems Division, Air Force Systems Command, Hanscom AFB, Bedford, MA (1975)"},{"key":"6_CR4","volume-title":"Computer Security: Art and Science","author":"M. Bishop","year":"2003","unstructured":"Bishop, M.: Computer Security: Art and Science. Addison-Wesley Professional, Boston, MA (2003)"},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Bishop, M., Engle, S., Gates, C., Peisert, S., Whalen, S.: We Have Met the Enemy and He is Us. In: Proceedings of the 2008 New Security Paradigms Workshop (NSPW). Lake Tahoe, CA (2008)","DOI":"10.1145\/1595676.1595678"},{"key":"6_CR6","unstructured":"Bishop, M., Engle, S., Gates, C., Peisert, S., Whalen, S.: Case Studies of an Insider Framework. In: Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS), Cyber Security and Information Intelligence Research Minitrack. Waikoloa, HI (2009)"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Bishop, M., Gates, C.: Defining the insider threat. In: Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research (CSIIRW), pp.1\u20133. ACM, New York, NY, USA (2008). DOI http:\/\/doi.acm.org\/10.1145\u2009\/\u20091413140.1413158","DOI":"10.1145\/1413140.1413158"},{"key":"6_CR8","unstructured":"Bishop, M., Peisert, S., Hoke, C., Graff, M., Jefferson, D.: E-Voting and Forensics: Prying Open the Black Box. In: Proceedings of the 2009 Electronic Voting Technology Workshop\/Workshop on Trustworthy Computing (EVT\/WOTE \u201909). Montreal, Canada (2009)"},{"key":"6_CR9","unstructured":"Brackney, R.P., Anderson, R.H.: Understanding the Insider Threat: Proceedings of a March 2004 Workshop. Tech. rep., RAND Corporation, Santa Monica, CA (2004)"},{"key":"6_CR10","doi-asserted-by":"crossref","unstructured":"Brewer, D.F., Nash, M.J.: The Chinese Wall Security Policy. In: Proceedings of the 1989 IEEE Symposium on Security and Privacy, pp. 206\u2013214. Oakland, CA (1989)","DOI":"10.1109\/SECPRI.1989.36295"},{"key":"6_CR11","unstructured":"Burdick, E., Wheeler, H.: Fail-Safe. Dell Puiblishing (1963)"},{"key":"6_CR12","unstructured":"Carlson, A.: The Unifying Policy Hierarchy Model. Master\u2019s thesis, University of California, Davis (2006)"},{"issue":"3","key":"6_CR13","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1145\/320613.320616","volume":"5","author":"D.E. Denning","year":"1980","unstructured":"Denning, D.E.: Secure Statistical Databases with Random Sample Queries. ACM Transactions on Database Systems 5(3), 291\u2013315 (1980)","journal-title":"ACM Transactions on Database Systems"},{"issue":"2","key":"6_CR14","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"SE-13","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E.: An Intrusion-Detection Model. IEEE Transactions on Software Engineering SE-13(2), 222\u2013232 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"2","key":"6_CR15","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1109\/TSE.1987.232889","volume":"SE-13","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E., Akl, S.G., Heckman, M., Lunt, T.F., Morgenstern, M., Neumann, P.G., Schell, R.R.: Views for multilevel database security. IEEE Transactions on Software Engineering SE-13(2), 129\u2013140 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"6_CR16","unstructured":"Director of Central Intelligence\/Intelligence Community Staff Memorandum ICS 0858-90: Project SLAMMER Interim Report (U). Project Slammer is a CIA-sponsored study of Americans convicted of espionage against the United States. A declassified interim report is available at: http:\/\/antipolygraph.org\/documents\/slammer-12-04-1990.shtml and http:\/\/antipolygraph.org\/documents\/slammer-12-04-1990.pdf (1990)"},{"key":"6_CR17","unstructured":"Ferraiolo, D.F., Kuhn, D.R.: Role Based Access Control. In: Proceedings of the Fifteenth National Computer Security Conference, pp. 554\u2013563 (1992)"},{"issue":"6","key":"6_CR18","doi-asserted-by":"publisher","first-page":"749","DOI":"10.1287\/mnsc.48.6.749.193","volume":"48","author":"R. Garfinkel","year":"2002","unstructured":"Garfinkel, R., Gopal, R., Goes, P.: Privacy Protection of Binary Confidential Data Against Deterministic, Stochastic, and Insider Threat. Management Science 48(6), 749\u2013644 (2002)","journal-title":"Management Science"},{"key":"6_CR19","unstructured":"Gelles, M.: Exploring the mind of the spy. In: Employees\u2019 guide to security responsibilities: Treason 101. Texas A&M University Research Foundation (2005)"},{"key":"6_CR20","unstructured":"Greitzer and Kangas. (personal communication)"},{"key":"6_CR21","volume-title":"Social\/Ethical Issues in Predictive Insider Threat Monitoring","author":"F.L. Greitzer","year":"2009","unstructured":"Greitzer, F.L., Frincke, D.A., Zabriskie, M.M.: Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives (in review). In: M.J. Dark (ed.) Social\/Ethical Issues in Predictive Insider Threat Monitoring. IGI Global, Hershey, Pennsylvania (2009)"},{"key":"6_CR22","unstructured":"Greitzer, F.L., Paulson, P., Kangas, L., Edgar, T., Zabriskie, M.M., Franklin, L., Frincke, D.A.: Predictive modelling for insider threat mitigation. Pacific Northwest National Laboratory, Richland, WA, Tech. Rep. PNNL Technical Report PNNL-60737 (2008)"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Jones, A.K., Lipton, R.J.: The Enforcement of Security Policies for Computation. In: Proceedings of the Fifth Symposium on Operating System Principles (SOSP), pp. 197\u2013206 (1975)","DOI":"10.1145\/1067629.806538"},{"key":"6_CR24","doi-asserted-by":"crossref","unstructured":"Ko, C., Ruschitzka, M., Levitt, K.: Execution Monitoring of Security-Critical Programs in Distributed Systems: a Specification-Based Approach. In: SP \u201997: Proceedings of the 1997 IEEE Symposium on Security and Privacy, p. 175. IEEE Computer Society, Washington, DC, USA (1997)","DOI":"10.1109\/SECPRI.1997.601332"},{"key":"6_CR25","unstructured":"Krofcheck, J.L., Gelles, M.G.: Behavioral consultation in personnel security: Training and reference manual for personnel security professionals (2005)"},{"key":"6_CR26","unstructured":"Kubrick, S.: Dr. Strangelove or: How I learned to stop worrying and love the bomb. Distributed by Columbia Pictures (1964)"},{"issue":"1","key":"6_CR27","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1145\/775265.775268","volume":"8","author":"B.W. Lampson","year":"1974","unstructured":"Lampson, B.W.: Protection. ACM Operating Systems Review 8(1), 18\u201324 (1974)","journal-title":"ACM Operating Systems Review"},{"key":"6_CR28","unstructured":"Lunt, T.F., Jagannathan, R.: A Prototype Real-Time Intrusion-Detection Expert System (IDES). In: Proceedings of the 1988 IEEE Symposium on Security and Privacy, pp. 59\u201366. Oakland, CA (1988). DOI http:\/\/doi.ieeecomputersociety.org\/10.1109\/SECPRI.1988.8098"},{"key":"6_CR29","doi-asserted-by":"crossref","unstructured":"Moore, A.P., Cappelli, D.M., Trzeciak, R.F.: The \u201cBig Picture\u201d of Insider IT Sabotage Across US Critical Infrastructures (2008)","DOI":"10.21236\/ADA482452"},{"issue":"6","key":"6_CR30","doi-asserted-by":"publisher","first-page":"795","DOI":"10.1016\/j.adhoc.2004.04.001","volume":"3","author":"P. Ning","year":"2005","unstructured":"Ning, P., Sun, K.: How to Misuse AODV: A Case Study of Insider Attacks Against Mobile Ad-Hoc Routing Protocols. Ad Hoc Networks 3(6), 795\u2013819 (2005)","journal-title":"Ad Hoc Networks"},{"key":"6_CR31","volume-title":"Fighting computer crime: A new framework for protecting information","author":"D. Parker","year":"1998","unstructured":"Parker, D.: Fighting computer crime: A new framework for protecting information. John Wiley & Sons, Inc. New York, NY, USA (1998)"},{"key":"6_CR32","volume-title":"New Incident Response Best Practices: Patch and Proceed Is No Longer Acceptable Incident Response","author":"J. Patzakis","year":"2003","unstructured":"Patzakis, J.: New Incident Response Best Practices: Patch and Proceed Is No Longer Acceptable Incident Response. Tech. rep., Guidance Software, Pasadena, CA (2003)"},{"issue":"2","key":"6_CR33","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1109\/TDSC.2007.1003","volume":"4","author":"S. Peisert","year":"2007","unstructured":"Peisert, S., Bishop, M., Karin, S., Marzullo, K.: Analysis of Computer Intrusions Using Sequences of Function Calls. IEEE Transactions on Dependable and Secure Computing (TDSC) 4(2), 137\u2013150(2007)","journal-title":"IEEE Transactions on Dependable and Secure Computing (TDSC)"},{"key":"6_CR34","doi-asserted-by":"crossref","unstructured":"Peisert, S., Bishop, M., Karin, S., Marzullo, K.: Toward Models for Forensic Analysis. In: Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), pp. 3\u201315. Seattle, WA (2007)","DOI":"10.1109\/SADFE.2007.23"},{"key":"6_CR35","doi-asserted-by":"crossref","unstructured":"Peisert, S., Bishop, M., Marzullo, K.: Computer Forensics In Forensis. In: Proceedings of the Third International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering (IEEE-SADFE), pp. 102\u2013122. Oakland, CA (2008)","DOI":"10.1109\/SADFE.2008.18"},{"key":"6_CR36","unstructured":"Peisert, S., Bishop, M., Yasinsac, A.: Vote Selling, Voter Anonymity, and Forensic Logging of Electronic Voting Machines. In: Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS), Digital Forensics - Pedagogy and Foundational Research Activity Minitrack. Waikoloa, HI (2009)"},{"key":"6_CR37","unstructured":"Peisert, S.P.: A Model of Forensic Analysis Using Goal-Oriented Logging. Ph.D. thesis, Department of Computer Science and Engineering, University of California, San Diego (2007)"},{"issue":"1","key":"6_CR38","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1145\/353323.353382","volume":"3","author":"F.B. Schneider","year":"2000","unstructured":"Schneider, F.B.: Enforceable Security Policies. ACM Transactions on Information and System Security (TISSEC) 3(1), 30\u201350 (2000)","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"issue":"6","key":"6_CR39","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1016\/S0167-4048(02)01009-X","volume":"21","author":"E. Schultz","year":"2002","unstructured":"Schultz, E.: A Framework for Understanding and Predicting Insider Attacks. Computers and Security 21(6), 526\u2013531 (2002)","journal-title":"Computers and Security"}],"container-title":["Advances in Information Security","Insider Threats in Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-1-4419-7133-3_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,23]],"date-time":"2025-02-23T12:18:12Z","timestamp":1740313092000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-1-4419-7133-3_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9781441971326","9781441971333"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-1-4419-7133-3_6","relation":{},"ISSN":["1568-2633"],"issn-type":[{"value":"1568-2633","type":"print"}],"subject":[],"published":{"date-parts":[[2010]]},"assertion":[{"value":"28 July 2010","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}