Volume 2 - Issue 1
A Preliminary Model of Insider Theft of Intellectual Property
- Andrew P. Moore
CERT Program Software Engineering Institute 4555 Fifth Avenue Pittsburgh, PA 15213
apm@cert.org
- Dawn M. Cappelli
CERT Program Software Engineering Institute 4555 Fifth Avenue Pittsburgh, PA 15213
dmc@cert.org
- Thomas C. Caron
Deloitte Consulting Boston, MA
tcaron@gmail.com
- Eric Shaw
Consulting and Clinical Psychology, Ltd. Suite 514 5225 Connecticut Ave., NW Washington, DC 20015
eshaw@msn.com
- Derrick Spooner
CERT Program Software Engineering Institute 4555 Fifth Avenue Pittsburgh, PA 15213
dspooner@cert.org
- Randall F. Trzeciak
CERT Program Software Engineering Institute 4555 Fifth Avenue Pittsburgh, PA 15213
rft@cert.org
Keywords: Information Security, Insider Threat, Theft of Intellectual Property, Modeling, System Dynamics, Theft of Information
Abstract
A study conducted by the CERT Program at Carnegie Mellon University’s Software Engineering
Institute analyzed hundreds of insider cyber crimes across U.S. critical infrastructure sectors.
Follow-up work involved detailed group modeling and analysis of 48 cases of insider theft of intellectual
property. In the context of this paper, insider theft of intellectual property includes incidents
in which the insider’s primary goal is stealing confidential or proprietary information from the organization.
This paper describes general observations about and a preliminary system dynamics model
of this class of insider crime based on our empirical data. This work generates empirically-based
hypotheses for validation and a basis for identifying mitigating measures in future work.