Risk Assessment of Insider Threats Based on IHFACS-BN
Abstract
:1. Introduction
1.1. Insider Threat Definition
1.2. Insider Threat Incidents
2. Related Work
2.1. Detection Methods
2.2. Prevention Methods
- An IHFACS framework is proposed to be applied to the HFs analysis of insider enterprise threats.
- An IHFACS-BN model is used to assess the risk of insecure behavior within the enterprise.
- HFACS, expert knowledge, the triangular fuzzy number estimation probability method, the Noisy-OR gate model, and BN are integrated into this model.
- BN-based reasoning identifies key risk factors and the interdependence of HFs at different and the same levels.
- Compared with traditional accident analysis methods, this method focuses more on the explicit and implicit correlations between HFs.
3. Material and Methods
3.1. IHFACS
3.2. Fuzzy Bayesian Network (FBN)
3.2.1. Fuzzy Theory and Expert Elicitation
3.2.2. BN
4. Application of the Methodology
4.1. Application of HFACS Framework
4.2. Establishment of Interdependencies for the Identified HFs
4.3. Bayesian Network Assignment
4.4. Inverse Reasoning (IR) and Sensitivity Analysis (SA)
4.5. Suggestions for Enterprise Information Security Management
- (1)
- For the most fundamental factor of imperfect security detection systems, enterprises, especially SMEs, should pay attention to their investment in insider threat detection technology and promptly update detection tools to strengthen database security management. Suggestions for the prevention of internal threats are made for key causal factors.
- (2)
- At the organizational impact A level, enterprises should focus on preventing insider threats, setting up an internal information security management department, and establishing a sound internal attack emergency response mechanism. In addition, continuous information security awareness training and education are crucial to enterprise security management.
- (3)
- Talent is the core resource for an enterprise’s sustainable and healthy development. The loss of high-level talents can easily lead to the leakage of the enterprise’s commercial secrets and core technologies. Focusing on humanistic care for employees is one of the most important ways to retain talent. In addition, it is building an early warning mechanism for high-level talent loss to prevent it before it happens.
5. Conclusions
6. Future Work
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
Appendix A
A11→A1 | B22→B2 | D14→D1 | A23→ C11 | C22→D22 |
A12→A1 | B23→B2 | D15→D1 | A24→ C12 | C31→C32 |
A13→A1 | B31→B3 | D21→D2 | A32→A33 | C33→C32 |
A21→A2 | B32→B3 | D22→D2 | B13→B41 | D12→D21 |
A22→A2 | B41→B4 | D23→D2 | B14→B22 | D12→D22 |
A23→A2 | B42→B4 | D24→D2 | B15→D24 | D12→D23 |
A24→A2 | B43→B4 | A11→A21 | B41→C11 | A1→A |
A31→A3 | C11→C1 | A11→C13 | B42→D21 | A2→A |
A32→A3 | C12→C1 | A12→A13 | C11→D11 | A3→A |
A33→A3 | C13→C1 | A13→B31 | C11→D13 | B1→B |
A34→A3 | C21→C2 | A13→B32 | C12→D13 | B2→B |
A35→A3 | C22→C2 | A22→A12 | C12→D14 | B3→B |
B11→B1 | C31→C3 | A22→A35 | C12→D15 | B4→B |
B12→B1 | C32→C3 | A22→B12 | C13→D12 | C1→C |
B13→B1 | C33→C3 | A22→ B13 | C13→D21 | C2→C |
B14→B1 | D11→D1 | A22→ C21 | C13→D22 | C3→C |
B15→B1 | D12→D1 | A22→ C22 | C13→D23 | D1→D |
B21→B2 | D13→D1 | A23→A24 | C22→D13 | D2→D |
References
- Wong, W.P.; Tan, H.C.; Tan, K.H.; Tseng, M.L. Human factors in information leakage: Mitigation strategies for information sharing integrity. Ind. Manag. Data Syst. 2019, 119, 1242–1267. [Google Scholar] [CrossRef]
- Lee, C.; Iesiev, A.; Usher, M.; Harz, D.; McMillen, D. IBM X-Force Threat Intelligence Index. Available online: www.ibm.com/legal/copytrade.shtml (accessed on 20 March 2022).
- Cybersecurity Insiders. 2020 Insider Threat Report. Available online: https://www.cybersecurity-insiders.com (accessed on 20 March 2022).
- Suman, R.; Far, B.; Mohammed, E.; Nair, A.; Janbakhsh, S. Visualization of Server Log Data for Detecting Abnormal Behaviour. In Proceedings of the 2018 IEEE International Conference on Information Reuse and Integration (IRI), Salt Lake City, UT, USA, 6–9 July 2018; pp. 244–247. [Google Scholar] [CrossRef]
- Frank, L.; Justin, P.; Yung, M.; Paul, J. Positioning Your Organization to Respond to Insider Threats. IEEE Eng. Manag. Rev. 2019, 47, 75–83. [Google Scholar]
- Laycomb, W.R.; Nicoll, A. Insider threats to cloud computing: Directions for new research challenges. In Proceedings of the International Computer Software and Applications Conference, Izmir, Turkey, 16–20 July 2012; pp. 387–394. [Google Scholar] [CrossRef]
- Editorial Department of this Journal. Inventory: Major data leakage incidents at home and abroad in 2017. China Inf. Secur. 2018, 3, 62–68. [Google Scholar]
- Yang, Y. The revelation that insider threats cost billions of dollars. Inf. Secur. 2010, 24, 53. [Google Scholar]
- Buckley, O.; Nurse, J.R.; Legg, P.A.; Goldsmith, M.; Creese, S. Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat. In Proceedings of the 2014 Workshop on Socio-Technical Aspects in Security and Trust, Vienna, Austria, 18 July 2014; pp. 8–15. [Google Scholar] [CrossRef] [Green Version]
- Goh, P. Humans as the weakest link in maintaining cybersecurity: Building cyber resilience in humans. In Introduction to Cyber Forensic Psychology: Understanding the Mind Of The Cyber Deviant Perpetrators; World Scientific: Singapore, 2021; pp. 287–305. Available online: 10.1142/9789811232411_0014 (accessed on 20 March 2022).
- Ye, X.; Hong, S.; Han, M. Feature Engineering Method Using Double-layer Hidden Markov Model for Insider Threat Detection. Int. J. Fuzzy Log. Intell. Syst. 2020, 20, 17–25. [Google Scholar] [CrossRef] [Green Version]
- Wu, C.; Shuai, J.; Long, T.; Yu, J. Research on User Abnormal Operation Detection Method Based on Linux Shell Command. Inf. Netw. Secur. 2021, 21, 31–38. [Google Scholar]
- Yao, H.; Wang, C.; Xu, Q.; Li, W. A distributed biometric authentication protocol based on homomorphic encryption. Comput. Res. Dev. 2019, 56, 2375–2383. [Google Scholar]
- Guo, S.Z.; Zhang, L.; Pan, Y.; Tao, W.; Bai, W.; Zheng, Q.B.; Liu, Y.; Pan, Z.S. A review of research on insider threat discovery detection methods. Data Acquis. Ration. 2022, 37, 488–501. [Google Scholar]
- Lane, T.; Brodley, C.E. An empirical study of two approaches to sequence learning for anomaly detection. Mach. Learn. 2003, 51, 73–107. [Google Scholar] [CrossRef] [Green Version]
- Happa, J. Insider-threat detection using gaussian mixture models and sensitivity profiles. Comput. Secur. 2018, 77, 838–859. [Google Scholar]
- Zhang, G.H.; Yan, F.R.; Zhang, D.W.; Liu, X.F. Insider Threat Detection Model Based on LSTM-Attention. Netinfo Security 2022, 22(2), 1–10. [Google Scholar] [CrossRef]
- Haq, M.A.; Khan, M.A.R.; Alshehri, M. Insider Threat Detection Based on NLP Word Embedding and Machine Learning. Intell. Autom. Soft Comput. 2022, 33, 619–635. [Google Scholar]
- Hu, T.; Niu, W.; Zhang, X.; Liu, X.; Lu, J.; Liu, Y. An Insider Threat Detection Approach Based on Mouse Dynamics and Deep Learning. Secur. Commun. Netw. 2019, 2019, 3898951. [Google Scholar] [CrossRef]
- Alshehri, A. Relational Deep Learning Detection with Multi-Sequence Representation for Insider Threats. Int. J. Adv. Comput. Sci. Appl. 2022, 13, 758–765. [Google Scholar] [CrossRef]
- Theoharidou, M.; Kokolakis, S.; Karyda, M.; Kiountouzis, E. The insider threat to information systems and the effectiveness of ISO17799. Comput. Secur. 2005, 24, 472–484. [Google Scholar] [CrossRef]
- Rajamäki, J.; Nevmerzhitskaya, J.; Virág, C. Cybersecurity education and training in hospitals: Proactive resilience educational framework (Prosilience EF). In Proceedings of the 2018 IEEE Global Engineering Education Conference (EDUCON), Santa Cruz de Tenerife, Spain, 17–20 April 2018; pp. 2042–2046. [Google Scholar] [CrossRef]
- Chowdhury, N.; Katsikas, S.; Gkioulos, V. Modeling effective cybersecurity training frameworks: A delphi method-based study. Comput. Secur. 2022, 113, 102551. [Google Scholar] [CrossRef]
- Hadlington, L. Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cyber security behaviours. Heliyon 2017, 3, e00346. [Google Scholar] [CrossRef] [Green Version]
- Islam, R.; Abbassi, R.; Garaniya, V.; Khan, F. Determination of human error probabilities for the maintenance operations of marine engines. J. Ship Prod. Des. 2016, 32, 226–234. [Google Scholar] [CrossRef]
- Lu, J.; Liu, W.; Yu, K.; Zhou, L. The Dynamic Evolution Law of Coal Mine Workers’ Behavior Risk Based on Game Theory. Sustainability 2022, 14, 4015. [Google Scholar] [CrossRef]
- Wiegmann, D.; Shapprll, S. A Human Error Approach to Aviation Accident Analysis: The Human Factors Analysis and Classification System; Ashgate Press: London, UK, 2003; pp. 45–70. [Google Scholar]
- Ma, L.; Ma, X.; Xing, P.; Yu, F. A hybrid approach based on the HFACS-FBN for identifying and analysing human factors for fire and explosion accidents in the laboratory. J. Loss Prev. Process Ind. 2022, 75, 104675. [Google Scholar] [CrossRef]
- Xie, T.; Li, C.; Wei, Y.; Jiang, J.; Xie, R. Cross-domain integrating and reasoning spaces for offsite nuclear emergency response. Saf. Sci. 2016, 85, 99–116. [Google Scholar] [CrossRef]
- Emre, A. A marine accident analysing model to evaluate potential operational causes in cargo ships. Saf. Sci. 2017, 92, 17. [Google Scholar]
- Shappell, S.; Wiegmann, D. Applying Reason: The human factors analysis and classification system (HFACS). Hum. Factors Aerosp. Saf. 2001, 1, 59–86. [Google Scholar]
- Zarei, E.; Yazdi, M.; Abbassi, R.; Khan, F. A hybrid model for human factor analysis in process accidents: FBN-HFACS. J. Loss Prev. Process Ind. 2019, 57, 142–155. [Google Scholar] [CrossRef]
- Rostamabadi, A.; Jahangiri, M.; Zarei, E.; Kamalinia, M.; Alimohammadlou, M. A novel Fuzzy Bayesian Network approach for safety analysis of process systems: An application of HFACS and SHIPP methodology. J. Clean. Prod. 2020, 244, 118761. [Google Scholar] [CrossRef]
- Cao, C.; Liu, Y.; Tang, O.; Gao, X. A fuzzy bi-level optimization model for multi-period post-disaster relief distribution in sustainable humanitarian supply chains. Int. J. Prod. Econ. 2021, 235, 108081. [Google Scholar] [CrossRef]
- Qiao, W.; Liu, Y.; Ma, X.; Liu, Y. Human factors analysis for maritime accidents based on a dynamic fuzzy bayesian network. Risk Anal. 2020, 40, 957–980. [Google Scholar] [CrossRef]
- Laarhoven, P.; Pedrycz, W. A Fuzzy extension of saaty’s priority theory. Fuzzy Sets Syst. 1983, 11, 229–241. [Google Scholar] [CrossRef]
- Saaty, T.L. Why the magic number seven plus or minus two. Math. Comput. Model. 2003, 38, 233–244. [Google Scholar] [CrossRef]
- Fu, Y.; Wu, X. Information security risk assessment method based on Bayesian network. J. Wuhan Univ. 2006, 5, 631–634. [Google Scholar]
- Wadhawan, Y.; AlMajali, A.; Neuman, C. A comprehensive analysis of smart grid systems against cyber-physical attacks. Electronics 2018, 7, 249. [Google Scholar] [CrossRef] [Green Version]
- Greitzer, F.L.; Kangas, L.J.; Noonan, C.F.; Dalton, A.C.; Hohimer, R.E. Identifying at-risk employees: Modeling psychosocial precursors of potential insider threats. In Proceedings of the 2012 45th Hawaii International Conference on System Sciences, Maui, HI, USA, 4–7 January 2012; pp. 2392–2401. [Google Scholar] [CrossRef]
- Alsowail, R.; Al-Shehari, T. A Multi-Tiered Framework for Insider Threat Prevention. Electronics 2021, 10, 1005. [Google Scholar] [CrossRef]
- Kim, J.; Lee, C.; Chang, H. The Development of a Security Evaluation Model Focused on Information Leakage Protection for Sustainable Growth. Sustainability 2020, 12, 10639. [Google Scholar] [CrossRef]
- Hong, Y.; Furnell, S. Understanding cybersecurity behavioral habits: Insights from situational support. J. Inf. Secur. Appl. 2021, 57, 102710. [Google Scholar] [CrossRef]
- Reshmi, S. Multihand Administration with Intrusion Avoidance in Database System. Data Min. Knowl. Eng. 2010, 2. Available online: https://api.semanticscholar.org/CorpusID:168640234.
- Seo, S.; Kim, D. Study on Inside Threats Based on Analytic Hierarchy Process. Symmetry 2020, 12, 1255. [Google Scholar] [CrossRef]
- Hong, Y.; Furnell, S. Motivating information security policy compliance: Insights from perceived organizational formalization. J. Comput. Inf. Syst. 2022, 62, 19–28. [Google Scholar] [CrossRef]
- Onisko, A.; Druzdzel, M.; Wasyluk, H. Learning bayesian network parameters from small data sets: Application of noisy-or gates. Int. J. Approx. Reason. 2001, 27, 165–182. [Google Scholar] [CrossRef] [Green Version]
- Elmrabit, N.; Yang, S.; Yang, L.; Zhou, H. Insider threat risk prediction based on Bayesian network. Comput. Secur. 2020, 96, 101908. [Google Scholar] [CrossRef]
Likelihood | Linguistic Expressions | TFNs |
---|---|---|
1 | Very low (VL) | (0, 0.1, 0.2) |
2 | Low (L) | [0.2, 0.3, 0.4] |
3 | Medium(M) | [0.4, 0.5, 0.6) |
4 | High (H) | [0.6, 0.7, 0.8) |
5 | Very high (VH) | [0.8, 0.9, 1] |
Group | Classification | Score |
---|---|---|
Professional position (S1) | Senior Project Supervisor | 5 |
Manager of Network Administration | 4 | |
Engineer | 3 | |
Technician | 2 | |
Worker | 1 | |
Age (years) (S2) | ≥35 | 5 |
30–34 | 4 | |
25–29 | 3 | |
22–24 | 2 | |
≤22 | 1 | |
Experience (years) (S3) | ≥10 | 5 |
7–9 | 4 | |
4–6 | 3 | |
2–3 | 2 | |
≤1 | 1 | |
Education Level (S4) | PhD | 5 |
Master | 4 | |
Bachelor | 3 | |
HND | 2 | |
School level | 1 |
IHFACS Level | Sub Level | Failure Symbol and Its Description |
---|---|---|
Organizational influences (A) | (A1) Resource management | A11—Insufficient safety education and training. |
A12—Security costs are under-invested. | ||
A13—Internal information access control and security detection system deployment are flawed. | ||
(A2) Organizational climate | A21—The internal safety culture of the enterprise is not in place. | |
A22—Managers don’t pay enough attention to the internal security organization. | ||
A23—Lack of humanistic care for employees who are inclined to leave. | ||
A24—Enterprise talent mobility is large. | ||
(A3) Organizational Process | A31—The internal safety rules and regulations of the enterprise are not perfect. | |
A32—The internal information security policy is not detailed. | ||
A33-=—Not all employees are familiar with cybersecurity policies. | ||
A34—Employees do not strictly comply with the organization’s safety management policies. | ||
A35—Outsourcing of in-house security services. | ||
Unsafe supervision (B) | (B1) Technical monitoring of vulnerabilities | B11—Technology to detect software or systems with vulnerabilities. |
B12—The database security system lacks multi-hand management for intrusion avoidance. (i.e., less than three levels of system response) [44] | ||
B13—There is no activity logging for employee email, online activity, and network traffic. | ||
B14—The frequency of confidential supervision and monitoring is low, the sampling rate is low, and the inspection radiation surface is limited. | ||
B15—There is a lack of supervision mechanisms for the declassification period after the departure of personnel involved in secrets. | ||
(B2) Planned inappropriate operations | B21—Regulatory authorities that do not break down internal and external threats. | |
B22—Insider threat technology detects infrequently. | ||
B23—Failure to pay attention to security within the partner. | ||
(B3) Failed to correct Known problems | B31—The security inspection system has a high rate of false negatives. | |
B32—The security inspection system has a high rate of false positives. | ||
(B4) Supervisory violation | B41—Staff network activity logs were not monitored as required. | |
B42—The supervisor is absent from the review of the storage or transmission of confidential data. | ||
B42—Violations found in confidentiality supervision have not been punished. | ||
Preconditions for unsafe acts (C) | (C1) Personal factors [41] | C11—Bad motives. (e.g., tempted by money and power, antisocial personality) |
C12—Opportunities. (expiration of contract; position; expiration of term; authority.) | ||
C13—Competence. (e.g., unclear responsibility, weak sense of confidentiality, irregular operation.) | ||
(C2) Environment factors | C21—Poor working environment. (e.g., failure to implement formalization of security personnel, work incentive compensation) | |
C22—Poor technical environment. (i.e., Server security, personal computer security, update and maintenance of security systems, and/or backward security technology are/is poor.) | ||
(C3) Personal status | C31—Poor mental state. (e.g., chronic illness, low productivity) | |
C32—There are contradictions in internal personnel relations. (e.g., discord with colleagues, contradictions with superior leaders, and lack of communication between the team.) | ||
C33—High working pressure levels. | ||
Unsafe acts (D) | (D1) Violation | D11—Failure to conduct pre-employment background checks on employees or pre-job reviews of confidential personnel is mere formalities. |
D12—Employees’ familiarity with the company’s internal safety policy/low level of mastery of safety skills. | ||
D13—Information and technology within the enterprise are not subject to access control and key management according to the level of confidentiality. | ||
D14—Failure to sign confidentiality contracts or non-compete agreements with classified employees. | ||
D15—Secret personnel install remote control software without authorization and access internal information systems [45]. | ||
(D2) Errors | D21—Misuse of internal system resources by employees or partners; mishandling of data. | |
D22—Installing unauthorized applications and using unapproved workarounds. | ||
D23—Secret personnel mistakenly clicked unsolicited emails or phishing URLs. | ||
D24—There is a mistake in removing access to internal information and retiring confidential documents and equipment when confidential employees leave their jobs. |
Expert | Weight |
---|---|
Expert 1 (E1) | 0.24 |
Expert 2 (E2) | 0.20 |
Expert 3 (E3) | 0.19 |
Expert 4 (E4) | 0.22 |
Expert 5 (E5) | 0.15 |
Symbols | E1 | E2 | E3 | E4 | E5 | N* | PIR |
---|---|---|---|---|---|---|---|
A11 | L | M | H | VH | M | 0.578 | 0.00847 |
A12 | VL | N | VL | M | M | 0.328 | 0.00120 |
A13 | M | H | M | H | H | 0.614 | 0.01069 |
A21 | L | L | L | H | L | 0.388 | 0.00210 |
A22 | H | M | M | VH | M | 0.636 | 0.01229 |
A23 | M | L | L | M | VL | 0.362 | 0.00166 |
A24 | VH | L | L | L | VL | 0.414 | 0.00261 |
A31 | VH | M | M | H | M | 0.64 | 0.01261 |
A32 | L | H | L | M | L | 0.424 | 0.00283 |
A33 | VL | M | M | H | H | 0.478 | 0.00427 |
A34 | M | H | M | M | H | 0.57 | 0.00804 |
A35 | M | H | H | VL | M | 0.49 | 0.00466 |
B11 | L | H | M | H | H | 0.566 | 0.00783 |
B12 | H | M | L | L | H | 0.496 | 0.00486 |
B13 | VH | VH | H | H | M | 0.758 | 0.02675 |
B14 | L | M | M | L | M | 0.408 | 0.00248 |
B15 | VH | H | M | M | M | 0.636 | 0.01229 |
B21 | VL | L | L | L | M | 0.282 | 0.00072 |
B22 | H | L | M | M | H | 0.538 | 0.00650 |
B23 | VH | L | H | H | H | 0.668 | 0.01504 |
B31 | L | M | VH | VL | H | 0.47 | 0.00403 |
B32 | VL | L | H | L | H | 0.388 | 0.00210 |
B41 | H | L | M | L | M | 0.464 | 0.00385 |
B42 | VH | VH | H | M | L | 0.684 | 0.01664 |
B43 | M | M | M | L | M | 0.456 | 0.00363 |
C11 | VH | M | H | VH | H | 0.752 | 0.02572 |
C12 | VH | M | M | M | M | 0.596 | 0.00952 |
C13 | H | M | M | H | VH | 0.652 | 0.01360 |
C21 | L | L | L | L | H | 0.36 | 0.00163 |
C22 | VH | L | L | L | VH | 0.534 | 0.00633 |
C31 | VL | VL | VL | VH | M | 0.336 | 0.00130 |
C32 | M | VL | L | H | M | 0.426 | 0.00287 |
C33 | L | VL | VL | H | VL | 0.28 | 0.00070 |
D11 | L | H | L | H | H | 0.48 | 0.00433 |
D12 | M | M | M | H | H | 0.574 | 0.00825 |
D13 | M | VH | H | H | H | 0.692 | 0.01751 |
D14 | VH | H | M | M | H | 0.666 | 0.01485 |
D15 | VH | VH | VH | H | VH | 0.856 | 0.05368 |
D21 | M | VH | H | VH | VH | 0.766 | 0.02820 |
D22 | H | VH | H | M | VH | 0.726 | 0.02173 |
D23 | M | H | VH | H | H | 0.69 | 0.01728 |
D24 | H | H | M | L | VH | 0.604 | 0.01002 |
Symbol | Rank | Category |
---|---|---|
A22 (Managers don’t pay enough attention to the internal security organization.) | 1 | Organizational influences |
A11 (Insufficient safety education and training.) | 2 | |
A23 (Lack of humanistic care for employees who are inclined to leave.) | 3 | |
A24 (Enterprise talent mobility is large.) | 4 | |
C13 (Competence.) | 5 | Preconditions for unsafe acts |
A13 (Internal information access control and security detection system deployment are flawed) | 6 | Organizational influences |
A12 (Security costs are under-invested.) | 7 | |
B13 (There is no activity logging for employee email, online activity, and network traffic.) | 8 | Unsafe supervision |
D12 (Employees’ familiarity with the company’s internal safety policy / low level of mastery of safety skills.) | 9 | Unsafe acts |
C12 (Opportunities.) | 10 | Preconditions for unsafe acts |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Zeng, M.; Dian, C.; Wei, Y. Risk Assessment of Insider Threats Based on IHFACS-BN. Sustainability 2023, 15, 491. https://doi.org/10.3390/su15010491
Zeng M, Dian C, Wei Y. Risk Assessment of Insider Threats Based on IHFACS-BN. Sustainability. 2023; 15(1):491. https://doi.org/10.3390/su15010491
Chicago/Turabian StyleZeng, Min, Chuanzhou Dian, and Yaoyao Wei. 2023. "Risk Assessment of Insider Threats Based on IHFACS-BN" Sustainability 15, no. 1: 491. https://doi.org/10.3390/su15010491
APA StyleZeng, M., Dian, C., & Wei, Y. (2023). Risk Assessment of Insider Threats Based on IHFACS-BN. Sustainability, 15(1), 491. https://doi.org/10.3390/su15010491