Embed Size (px)
Citation preview
A Call for the Consideration of Individual Difference in Cyber
Security
John E. Buckner Tilman L. Sheets
Louisiana Tech University
Security Breach Unintentional
• Naïve Employees Intentional
• Hackers• “Insiders”
Training
UnintentionalBreach
Unintentional Breach Cyber Security Training
• Educational Programs for Cyber Security Explosion of popularity and offerings (Newman,
2007) Increased demand
• Training to increase Security Providing information to employees Increasing awareness
Training
UnintentionalBreach
Selection
Selection Personality traits and Individual
Differences• Job “Fit”• Creating teams to maximize performance
Cognitive Abilities• Determining key dimensions that predict job
success
Training
UnintentionalBreach
Selection
Intentional
Breach
Prevention/
Detection
Intentional Breach Prevention and Detection
• Building hardware and software systems Beyond the scope of our presentation
• Training to increase Security Providing information to “honest “employees Increasing vigilance for identification of
potential threats (activities & behaviors)
Training
UnintentionalBreach
Selection
Intentional
Breach
Prevention/
Detection
Selection Individual Differences
• Profiling Motives Professionalism and Ethicality (honesty/integrity) (Doty & O’Connor, 2010)
• Hacker Personality white-hat vs black-hat hackers
• “Insiders” Privileged information Motivation
Selection Personality Framework:
• The BIG 5 Extraversion, Emotional Stability, Openness,
Conscientiousness, Agreeableness
Extraversion
Emotional Stability
Openness
ConscientiousnessAgreeableness
Selection Personality Framework:
• The BIG 5 Extraversion, Emotional Stability, Openness,
Conscientiousness, Agreeableness• The BIG 5 + 1
Integrity: Honesty/Humility Correlated with the ‘‘Dark Triad’’ traits of Machiavellianism,
Narcissism,and Primary Psychopathy (Lee & Ashton, 2005).
• Intrinsic/Extrinsic Motivation
Largely absent in Cyber Security
Summary Individual Differences
• Predicting “at-risk” employees Naïve Employees “Insiders”
• Identify those most capable of performing in the field Individual personality tied to performance Selecting team members based on personality
• Profiling personality of malicious hackers Identify potential threat
Questions or Comments
