Conceptual modeling insider activities in information security systems

It is shown that insider threats have become a serious problem for companies, requiring the creation of system tools for their analysis, forecasting and management. From the analysis of statistical indicators, two conclusions are drawn that are important for the development of conceptual models of insider activities. First, it is necessary to describe a complex system of information interaction between all participants of the corporate process in the company, taking into account business, psychological, financial, economical and other risks and motives. Second, a protection strategy that combines organizational and programmatic and techniques tools, including data leakage prevention (DLP-systems), should be developed. In conceptual modeling, one of the important tasks in the construction of company security system (SS) is to create of insider’s behavioral models based on visualization of information. It is advisable to use system-dynamic models as a method of behavior visualization. The threats of information theft by an insider are considered. The classification of insiders types, divided into two categories - loyal and malicious - is done. Details about the intent, motivation, and actions of each of these types are given. Using the AnyLogic simulation modeling platform, visualization of the system of insider behavior basic elements and their interaction is carried out in relation to two cases: when it acts alone, and when it is assisted by accomplices. The corresponding diagrams of cause-and-effect relationships are presented.