Thought Leadership 

IRG personnel have been thought leaders in the application of behavioral science methods to insider risk detection and management. 

 

Commercial and government security professionals use IRG and the CPIR to understand how insider risk evolves over time in organizations. IRG specializes in using all available data—including online communications—to answer client questions regarding persons and groups of concern. CPIR was first published by Dr. Shaw in 2005 and gained wide acceptance in 2015 after it was published in the CIA’s Studies in Intelligence Journal (below). Learn more about the CPIR here

Insider risk mitigation includes the policies and practices affecting employment from hiring to termination. Though a reliable profile is difficult to identify, the CPIR is a mechanism to identify the likelihood of an insider attack through analysis of at-risk characteristics. The CPIR is meant to capture the insider’s experiences, characteristics, stressors, and interactions to determine a profile and establish a mechanism to identify increased risk. Then, we work with multidisciplinary Insider Risk Teams to develop mitigations strategies and deescalate at-risk individuals, which helps our clients avoid costly reputational, operational and financial damage to their organization. Below are some resources that further articulate this approach and its successes. 

 

Articles

 
 
 
 
 
 
 
Studies in Intelligence.jpeg

The Critical Pathway to Insider Risk Model: Brief Overview and Future Directions

The Critical Pathway to Insider Risk (CPIR) (Shaw & Sellers, 2015) is a widely accepted flexible framework for integrating information about people tapping predisposing factors (e.g., dispositional factors such as personality traits, psychopathology, interpersonal styles), stressors, concerning behaviors, social networks and contextual risk setting, and maladaptive organizational response as well as mitigating factors within a broad diathesis-stressor psychological framework. The CPIR is developmental in nature allowing for the interaction and unfolding of insider risk enhancing factors over time. The CPIR also provides a methodological template for quantifying risk when wed to a system for case evaluation. We briefly present the CPIR in overview and place the model within the context of its current development, feedback received from investigator and analysts in the field, as well as colleagues in the insider risk community. The CPIR represents simultaneously a model of the development of insider risk as well as a method for the assessment of the domains/constructs essential for a valid assessment of insider risk. The CPIR remains a model in development, which is an ongoing iterative process, with open methodological and validity questions. Also, it shares a number of issues awaiting resolution with respect to insider risk assessment generally.

 

Studies in Intelligence: "The Application of the Critical-Path Method to Evaluate Insider Risk"

"Governments and institutions of many kinds have faced the danger of hostile acts by insiders from time immemorial. In the case of the US government, such hostile acts have included betrayals by employees who supplied secrets to hostile powers, committed sabotage, and fatally attacked fellow employees. Relatively recent examples of such activity include the espionage activities of Aldrich Ames, Larry Chin, and Robert Hanssen; the Wikileaks revelations of Bradley Manning; the disclosures of Edward Snowden; and the violent assaults against fellow Americans by Nidal Hassan and Aaron Alexis."

 
fo-1467356400-225x300.jpg

Fortune Magazine: "How an Ex-CIA Researcher Created a Saboteur-Stopping Email Tool"

"After graduating from college in 1975, Eric Shaw worked as a government contractor for the State Department and other agencies, grappling with issues related to terrorism and the problems faced by returning hostages. Intrigued by the mental-health issues, he went back to school, earning a Ph.D. in psychology from Duke in 1984. After publishing an article on why people become terrorists, he got a call from Jerrold Post, a psychiatrist then working for the Central Intelligence Agency, where he had founded the agency’s political psychology unit."

 
NYT.jpeg

The New York Times: "The Rise of the Digital Thugs"

"Early last year, the corporate stalker made his move. He sent more than a dozen menacing e-mail messages to Daniel I. Videtto, the president of MicroPatent, a patent and trademarking firm, threatening to derail its operations unless he was paid $17 million. In a pair of missives fired off on Feb. 3, 2004, the stalker said that he had thousands of proprietary MicroPatent documents, confidential customer data, computer passwords and e-mail addresses. Using an alias of Brian Ryan and signing off as Wounded Grizzly, he warned that if Mr. Videtto ignored his demands, the information would end up in e-mail boxes worldwide."

 
Digital Investigation.jpeg

Digital Investigation: "The use of communicated negative sentiment and victimization for locating authors at-risk for, or having committed, insider actions"

"Insider violations in industry and government pose an increasing concern to security, law enforcement, compliance and counter-intelligence staff, as well as the leaders of these organizations who answer to their respective constituents and the public. It is extremely rare to find an insider case that has not involved the use of information systems to plan, access, steal or exfiltrate the information involved, whether it is corporate or government secrets, or employee or customer information."

 
Symantec.jpeg

Symantec White Paper: "Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall"

"Today’s corporate and government leaders are besieged by reports of economic espionage and theft of intellectual property (IP) by individual agents, organized hackers, corporate competitors and even nation states. Reports of rampant intellectual property theft have contributed to an anxious, war-time mindset as economic competition has replaced political and military confrontation between major world powers. According to earlier reviews, the theft of trade secrets has cost U.S. businesses more than $250 billion per year and these thefts are increasing exponentially and should double within the next decade."