Abstract

We observe a gap in operationalizing information systems policy (ISP) compliance theory to identify observable risks faced by organizations. This gap hinders the ability of ISPs to address threat response. In the 36 ISP studies we reviewed, self-reported survey items (e.g., intention) were a frequent proxy for user behavior. By contrast, a second review of 53 research articles aimed at improving threat detection quality (for example, user entity behavior analytics, UEBA) found that telemetry (e.g., logs and user-system interaction events generated by the monitored devices) is the primary source for estimating risk. To address this shortfall, we propose a model of cybersecurity risk assessment and provide an example of integrating survey measures of intent with telemetry to identify high performers. We operationalize this in a study of 1271 users that employs a net intent to violate score (NIVS), the standardized sum of violation intent (VI) minus the standardized sum of compliance intent (CI), in a machine learning (ML) pipeline. Contributions include demonstrating that even simple individual demographic patterns have potential indicative power when combined with NIVS and telemetry, which may be of use in UEBA-style operations.
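The following Python snippet is an added illustration of how the NIVS defined above can be computed from survey responses; it is not code from the paper. It assumes Likert-style item scores, sums the VI items and the CI items per respondent, z-standardizes each sum across the respondent pool (the abstract does not state whether standardization is per item or per sum; per sum is assumed here), and subtracts the CI z-score from the VI z-score. The respondent data is constructed for the example.

```python
import statistics

# Constructed sample: five respondents' Likert ratings (1-5) on two
# violation-intent (VI) items and two compliance-intent (CI) items.
# Item counts and scale are assumptions, not values from the paper.
SAMPLE = [
    {"id": "u1", "vi": [1, 1], "ci": [5, 5]},
    {"id": "u2", "vi": [2, 3], "ci": [4, 4]},
    {"id": "u3", "vi": [4, 5], "ci": [2, 1]},
    {"id": "u4", "vi": [3, 3], "ci": [3, 3]},
    {"id": "u5", "vi": [5, 5], "ci": [1, 2]},
]


def zscores(values):
    """Standardize a list of numbers across the pool (population SD).

    A zero-variance pool yields all-zero z-scores instead of a division error,
    which matters when a small cohort answers every item identically.
    """
    mean = statistics.fmean(values)
    sd = statistics.pstdev(values)
    if sd == 0:
        return [0.0 for _ in values]
    return [(v - mean) / sd for v in values]


def nivs(respondents):
    """Return {respondent_id: NIVS} where NIVS = z(sum VI) - z(sum CI)."""
    vi_sums = [sum(r["vi"]) for r in respondents]
    ci_sums = [sum(r["ci"]) for r in respondents]
    vi_z = zscores(vi_sums)
    ci_z = zscores(ci_sums)
    return {r["id"]: vi_z[i] - ci_z[i] for i, r in enumerate(respondents)}


def rank_by_nivs(respondents):
    """Respondent ids ordered from highest to lowest net intent to violate.

    This ordering is the survey-side feature that would be joined with
    per-user telemetry features before training a model.
    """
    scores = nivs(respondents)
    return sorted(scores, key=scores.get, reverse=True)


if __name__ == "__main__":
    for uid, score in nivs(SAMPLE).items():
        print(f"{uid}: NIVS = {score:+.3f}")
    print("ranking:", rank_by_nivs(SAMPLE))
```

Because both components are z-scores, NIVS is centered at zero over the pool: a positive value means a respondent reports more violation intent and less compliance intent than peers, which is the quantity the pipeline combines with telemetry.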