Eliot H. Rich

Learn More
Dawn M. Cappelli CERT/CC Software Engineering Institute dmc@cert.org Andrew P. Moore CERT/CC Software Engineering Institute apm@cert.org Timothy J. Shimeall CERT/CC Software Engineering Institute, USA, tjs@cert.org David F. Andersen University at Albany State University of New York david.andersen@albany.edu Jose J. Gonzalez Agder University College Norway(More)
The authors describe a behavioral theory of the dynamics of insider-threat risks. Drawing on data related to information technology security violations and on a case study created to explain the dynamics observed in that data, the authors constructed a system dynamics model of a theory of the development of insider-threat risks and conducted numerical(More)
While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments and the development of models is still weak. Addressing this research gap, this paper presents the first comprehensive empirical investigation of published vulnerabilities and(More)
Many behavioral researchers have been or are currently engaged in survey research, analyzing results using statistical methods. Respondents are often asked to fill out questionnaires leading to questionnaire fatigue and reluctance to conscientiously respond. Furthermore, in spite of the popularity of the approach, serious unanswered questions remain about(More)
Remote voting through the Internet provides convenience and access to the electorate. At the same time, the security concerns facing any distributed application are magnified when the task is so crucial to democratic society. In addition, some of the electoral process loses transparency when it is encapsulated in information technology. In this paper, we(More)
In this paper, we present insights generated by modeling the emergence of insider threat vulnerabilities in organizations. In our model, we integrate concepts from social judgment theory, signal detection theory, and the cognitive psychology of memory and belief formation. With this model, we investigate the emergence of vulnerabilities (especially that are(More)
Migrating to new modes of operation are perilous times for most organizations. For firms that routinely work in high-threat, high-reward situations, the risks of innovation are particularly challenging. This paper develops a systems-based approach to understanding these risks. We draw examples from one firm migrating to e-operations for offshore oil(More)