
KDU International Journal of Criminal Justice (KDUIJCJ)
Volume I | Issue II | July 2024



selection of relevant behavioural indicators and the determination of what constitutes suspicious behaviour will depend on factors such as the organization's industry, regulatory requirements, and historical incidents. Collaboration with domain experts, security analysts, and stakeholders is crucial to ensure that the defined suspicious patterns are meaningful, actionable, and aligned with the organization's security goals. By continuously refining the baseline behaviour and updating probabilities based on new evidence, Bayesian reasoning enables the identification of increasingly accurate and context-aware suspicious patterns in the behavioural mapping of insider threats and espionage. This approach enhances the organization's ability to detect and mitigate potential risks, thereby strengthening its overall security posture.
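
The updating step described above can be made concrete. The following is an added example, not code from the article: it builds a login-hour baseline, derives two of the access-pattern indicators the article lists (unusual login times and multiple failed login attempts), and applies Bayes' theorem once per day. The prior, likelihoods, thresholds, function names and sample data are all constructed assumptions.

```python
from math import exp, log

# Constructed assumptions, not values from the article.
PRIOR = 0.01  # assumed P(insider threat) before any evidence
# indicator -> (P(indicator | threat), P(indicator | benign)), assumed
LIKELIHOODS = {
    "unusual_login_time": (0.40, 0.05),
    "repeated_failed_logins": (0.30, 0.02),
}

def usual_hours(history, min_share=0.05):
    """Baseline: hours of day holding at least min_share of past logins."""
    counts = {}
    for hour in history:
        counts[hour] = counts.get(hour, 0) + 1
    return {h for h, c in counts.items() if c / len(history) >= min_share}

def observe(day, baseline, max_failures=3):
    """Map one day's raw events to indicator -> fired (True/False)."""
    return {
        "unusual_login_time": any(h not in baseline for h in day["login_hours"]),
        "repeated_failed_logins": day["failed_logins"] >= max_failures,
    }

def update(prior, observed):
    """Bayes' theorem in odds form; indicators assumed conditionally independent."""
    log_odds = log(prior / (1 - prior))
    for name, fired in observed.items():
        p_threat, p_benign = LIKELIHOODS[name]
        if fired:
            log_odds += log(p_threat / p_benign)
        else:  # a quiet day is evidence too, and lowers the estimate
            log_odds += log((1 - p_threat) / (1 - p_benign))
    return 1 / (1 + exp(-log_odds))

def score_days(history, days, prior=PRIOR):
    """Sequential update: each day's posterior becomes the next day's prior."""
    baseline, posteriors = usual_hours(history), []
    for day in days:
        prior = update(prior, observe(day, baseline))
        posteriors.append(prior)
    return posteriors

# Constructed sample data: 40 past logins at 08:00-10:00, then three days.
HISTORY = [8] * 15 + [9] * 20 + [10] * 5
DAYS = [{"login_hours": [9], "failed_logins": 0},
        {"login_hours": [2], "failed_logins": 0},
        {"login_hours": [3, 9], "failed_logins": 5}]

if __name__ == "__main__":
    for n, p in enumerate(score_days(HISTORY, DAYS), 1):
        print(f"day {n}: P(threat | evidence) = {p:.4f}")
```

With these assumed numbers a single off-hours login moves the estimate only modestly, while two indicators firing on the same day dominate the result; the output is a triage score for an analyst, not a finding.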


Indicators

In the context of Bayesian reasoning and behavioural mapping of insider threats and espionage, indicators play a crucial role in identifying potential risks and suspicious behaviours. Bayes' theorem provides a framework for updating probabilities based on new evidence, allowing for the assessment of various indicators and their contribution to the overall risk assessment. Here are some indicators that can be considered in the behavioural mapping of insider threats and espionage.

1. Abnormal Access Patterns:

   - Unusual login times: Logins outside of normal working hours or patterns deviating from an individual's typical login behaviour.
   - Unauthorized access attempts: Multiple failed login attempts or access to restricted systems or sensitive data.

2. Data Exfiltration:



