{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T02:39:24Z","timestamp":1768790364009,"version":"3.49.0"},"reference-count":85,"publisher":"SAGE Publications","issue":"1","license":[{"start":{"date-parts":[[2022,3,7]],"date-time":"2022-03-07T00:00:00Z","timestamp":1646611200000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100013986","name":"UK Government","doi-asserted-by":"crossref","award":["Project Ref. LUR 46.851"],"award-info":[{"award-number":["Project Ref. LUR 46.851"]}],"id":[{"id":"10.13039\/100013986","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Hum Factors"],"published-print":{"date-parts":[[2024,1]]},"abstract":"<jats:sec><jats:title>Objective<\/jats:title><jats:p> Develop and investigate the potential of a remote, computer-mediated and synchronous text-based triage, which we refer to as InSort, for quickly highlighting persons of interest after an insider attack. <\/jats:p><\/jats:sec><jats:sec><jats:title>Background<\/jats:title><jats:p> Insiders maliciously exploit legitimate access to impair the confidentiality and integrity of organizations. The globalisation of organisations and advancement of information technology means employees are often dispersed across national and international sites, working around the clock, often remotely. Hence, investigating insider attacks is challenging. However, the cognitive demands associated with masking insider activity offer opportunities. Drawing on cognitive approaches to deception and understanding of deception-conveying features in textual responses, we developed InSort, a remote computer-mediated triage. <\/jats:p><\/jats:sec><jats:sec><jats:title>Method<\/jats:title><jats:p> During a 6-hour immersive simulation, participants worked in teams, examining password protected, security sensitive databases and exchanging information during an organized crime investigation. Twenty-five percent were covertly incentivized to act as an \u2018insider\u2019 by providing information to a provocateur. <\/jats:p><\/jats:sec><jats:sec><jats:title>Results<\/jats:title><jats:p> Responses to InSort questioning revealed insiders took longer to answer investigation relevant questions, provided impoverished responses, and their answers were less consistent with known evidence about their behaviours than co-workers. <\/jats:p><\/jats:sec><jats:sec><jats:title>Conclusion<\/jats:title><jats:p> Findings demonstrate InSort has potential to expedite information gathering and investigative processes following an insider attack. <\/jats:p><\/jats:sec><jats:sec><jats:title>Application<\/jats:title><jats:p> InSort is appropriate for application by non-specialist investigators and can be quickly altered as a function of both environment and event. InSort offers a clearly defined, well specified, approach for use across insider incidents, and highlights the potential of technology for supporting complex time critical investigations. <\/jats:p><\/jats:sec>","DOI":"10.1177\/00187208211068292","type":"journal-article","created":{"date-parts":[[2022,3,7]],"date-time":"2022-03-07T08:46:51Z","timestamp":1646642811000},"page":"145-157","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":8,"title":["Sorting Insiders From Co-Workers: Remote Synchronous Computer-Mediated Triage for Investigating Insider Attacks"],"prefix":"10.1177","volume":"66","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6196-8475","authenticated-orcid":false,"given":"Coral J.","family":"Dando","sequence":"first","affiliation":[{"name":"Department of Psychology, University of Westminster, London"}]},{"given":"Paul J.","family":"Taylor","sequence":"additional","affiliation":[{"name":"Department of Psychology, Lancaster University, Lancaster, UK"}]},{"given":"Tarek","family":"Menacere","sequence":"additional","affiliation":[{"name":"Department of Psychology, Lancaster University, Lancaster, UK"}]},{"given":"Thomas C.","family":"Ormerod","sequence":"additional","affiliation":[{"name":"School of Psychology, University of Sussex, Falmer, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5099-0124","authenticated-orcid":false,"given":"Linden J.","family":"Ball","sequence":"additional","affiliation":[{"name":"School of Psychology, University of Central Lancashire, Preston, UK"}]},{"given":"Alexandra L.","family":"Sandham","sequence":"additional","affiliation":[{"name":"Department of Psychology, University of Gloucestershire, Cheltenham, UK"}]}],"member":"179","published-online":{"date-parts":[[2022,3,7]]},"reference":[{"key":"bibr2-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1016\/j.bandc.2008.08.033"},{"key":"bibr3-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1080\/10510974.2018.1447492"},{"key":"bibr4-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1016\/j.tics.2014.05.004"},{"key":"bibr5-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0156615"},{"key":"bibr6-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1207\/s15327957pspr1003_2"},{"key":"bibr7-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44853-5_7"},{"key":"bibr8-00187208211068292","doi-asserted-by":"publisher","DOI":"10.4135\/9781412982818.n6"},{"key":"bibr9-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1080\/13218719.2013.835703"},{"key":"bibr10-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1109\/TCSS.2018.2857473"},{"key":"bibr11-00187208211068292","unstructured":"Clearswift Insider Threat Index. (2017). https:\/\/www.clearswift.com\/about-us\/pr\/press-releases\/insider-threat-74-security-incidents-come-extended-enterprise-not-hacking-groups"},{"key":"bibr12-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1080\/1068316X.2019.1597093"},{"key":"bibr13-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1002\/jip.73"},{"key":"bibr14-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1177\/1098611104273293"},{"key":"bibr15-00187208211068292","volume-title":"Insider threat indicator ontology","author":"Costa D. L.","year":"2016"},{"key":"bibr16-00187208211068292","volume-title":"Investigation and disciplinary","author":"CPNI","year":"2020"},{"key":"bibr17-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1002\/jip.145"},{"key":"bibr18-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1111\/lcrp.12016"},{"key":"bibr19-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1177\/0018720817727899"},{"key":"bibr20-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1037\/xge0000724"},{"key":"bibr21-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1002\/jip.1519"},{"key":"bibr22-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1037\/0033-2909.129.1.74"},{"key":"bibr23-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecurity49315.2020.9138871"},{"key":"bibr24-00187208211068292","unstructured":"European Union Agency for Cybersecurity. (2020). Threat Landscape 2020 - Insider threat. https:\/\/www.enisa.europa.eu\/publications\/insider-threat"},{"key":"bibr25-00187208211068292","doi-asserted-by":"publisher","DOI":"10.3389\/fpsyg.2015.01298"},{"key":"bibr27-00187208211068292","first-page":"231","author":"Granhag P. A.","year":"2015","journal-title":"Detecting Deception: Current Challenges and Cognitive Approaches"},{"key":"bibr28-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2018.00035"},{"key":"bibr29-00187208211068292","first-page":"1","author":"Hamlin I.","year":"2020","journal-title":"Journal of Police and Criminal Psychology"},{"key":"bibr30-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1080\/10683160903446982"},{"key":"bibr31-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1007\/s10979-006-9053-9"},{"key":"bibr32-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1177\/0093650214534974"},{"key":"bibr33-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2016.1205924"},{"key":"bibr34-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1145\/3303771"},{"key":"bibr35-00187208211068292","unstructured":"Intel Security. (2015). Grand Theft Data. Data exfiltration study: Actors, tactics, and detection. https:\/\/cdn2.hubspot.net\/hubfs\/3375090\/Nukon_June2017-theme\/PdfFiles\/rp-data-exfiltration.pdf"},{"key":"bibr36-00187208211068292","volume-title":"Proceedings of the 10th Biennial Conference of the International Conference of Forensic Linguistics","author":"Jenkins M. C.","year":"2012"},{"key":"bibr37-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1145\/2483760.2483777"},{"key":"bibr38-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1186\/s12993-014-0046-4"},{"key":"bibr39-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1016\/j.mehy.2019.109517"},{"key":"bibr40-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1002\/acp.3675"},{"key":"bibr41-00187208211068292","doi-asserted-by":"publisher","DOI":"10.2308\/jis.2009.23.1.24"},{"key":"bibr42-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-59439-2_2"},{"key":"bibr43-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1177\/0261927X14535916"},{"issue":"19","key":"bibr44-00187208211068292","first-page":"2461","volume":"12","author":"Levine T. R.","year":"2018","journal-title":"International Journal of Communication"},{"key":"bibr45-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1111\/lcrp.12115"},{"key":"bibr46-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1093\/jcmc\/zmy009"},{"key":"bibr47-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1016\/j.newideapsych.2020.100816"},{"key":"bibr48-00187208211068292","doi-asserted-by":"publisher","DOI":"10.3389\/fpsyg.2017.02207"},{"key":"bibr49-00187208211068292","first-page":"1","volume":"80","author":"Matsumoto D.","year":"2011","journal-title":"FBI L. Enforcement Bull"},{"key":"bibr50-00187208211068292","volume-title":"Detecting malicious insiders in military networks","author":"Maybury M.","year":"2006"},{"key":"bibr51-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1177\/0261927X14534656"},{"key":"bibr52-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1016\/j.jarmac.2019.07.001"},{"key":"bibr53-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1109\/EMR.2017.2667218"},{"key":"bibr54-00187208211068292","unstructured":"National Law review. (2020). Frequency and cost of insider threats continue to increase. https:\/\/www.natlawreview.com\/article\/frequency-and-cost-insider-threats-continue-to-increase"},{"key":"bibr55-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1177\/0081246318822953"},{"key":"bibr87-00187208211068292","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222280102"},{"key":"bibr56-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1002\/acp.3767"},{"key":"bibr57-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1037\/xge0000030"},{"key":"bibr58-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1080\/1068316X.2010.481624"},{"key":"bibr59-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1080\/13527266.2016.1269019"},{"key":"bibr61-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2017.1393304"},{"key":"bibr62-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1007\/s11896-011-9093-z"},{"key":"bibr63-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2016.07.003"},{"key":"bibr64-00187208211068292","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2013\/37.4.09"},{"key":"bibr65-00187208211068292","first-page":"5","volume-title":"Hawaii International Conference on System Sciences","author":"Rubin V. L.","year":"2015"},{"key":"bibr66-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2020.04.020"},{"key":"bibr67-00187208211068292","first-page":"1","author":"Sandham A. L.","year":"2020","journal-title":"Journal of Police and Criminal Psychology"},{"key":"bibr68-00187208211068292","doi-asserted-by":"publisher","DOI":"10.3390\/electronics9091460"},{"key":"bibr69-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2019.03.033"},{"key":"bib9001872082111","doi-asserted-by":"publisher","DOI":"10.3138\/cjccj.52.2.215"},{"key":"bibr70-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2003.1254322"},{"key":"bibr71-00187208211068292","doi-asserted-by":"publisher","DOI":"10.3389\/fpsyg.2016.00420"},{"key":"bibr72-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1037\/lhb0000278"},{"key":"bibr73-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1037\/lhb0000032"},{"key":"bibr74-00187208211068292","volume-title":"SEI cyber minute: Insider threat mitigation, we can help!","author":"Trzeciak R.","year":"2019"},{"key":"bibr75-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2014.995535"},{"key":"bibr76-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1155\/2005\/804026"},{"key":"bibr77-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-9642-7_10"},{"key":"bibr78-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1177\/1529100610390861"},{"key":"bibr79-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1177\/1745691617706515"},{"issue":"1","key":"bibr80-00187208211068292","first-page":"1","volume":"9","author":"Walczyk J. J.","year":"2013","journal-title":"Applied Psychology in Criminal Justice"},{"key":"bibr81-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1016\/j.jarmac.2018.01.002"},{"key":"bibr82-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2021.301126"},{"key":"bibr83-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1111\/j.0021-9029.2006.00055.x"},{"key":"bibr84-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1093\/jcmc\/zmz027"},{"key":"bibr85-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1023\/B:GRUP.0000011944.62889.6f"},{"key":"bibr86-00187208211068292","doi-asserted-by":"publisher","DOI":"10.1016\/S0065-2601(08)60369-X"}],"container-title":["Human Factors: The Journal of the Human Factors and Ergonomics Society"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/00187208211068292","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/00187208211068292","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/00187208211068292","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T12:47:10Z","timestamp":1740833230000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.1177\/00187208211068292"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,7]]},"references-count":85,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1]]}},"alternative-id":["10.1177\/00187208211068292"],"URL":"https:\/\/doi.org\/10.1177\/00187208211068292","relation":{},"ISSN":["0018-7208","1547-8181"],"issn-type":[{"value":"0018-7208","type":"print"},{"value":"1547-8181","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,3,7]]}}}