Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


This research introduced two new scales for the identification and measurement of negative sentiment and insider risk in communications in order to examine the unexplored relationship between these two constructs. The inter-rater reliability and criterion validity of the Scale of Negativity in Texts (SNIT) and the Scale of Insider Risk in Digital Communications (SIRDC) were established with a random sample of email from the Enron archive and criterion measures from established insiders, disgruntled employees, suicidal, depressed, angry, anxious, and other sampled groups. In addition, the sensitivity of the scales to changes over time as the risk of digital attack increased and transitioned to a physical attack was also examined in an actual case study. Inter-rater reliability for the SNIT was extremely high across groups while the SIRDC produced lower, but acceptable levels of agreement. Both measures also significantly distinguished the criterion groups from the overall Enron sample. The scales were then used to measure the frequency of negative sentiment and insider risk indicators in the random Enron sample and the relationship between the two constructs. While low levels of negative sentiment were found in 20% of the sample, moderate and high levels of negative sentiment were extremely rare, occurring in less than 1% of communications. Less than 4% of the sampled emails displayed indicators of insider risk on the SIRDC. Emails containing high levels of insider risk comprised less than one percent or the sample. Of the emails containing negative sentiment in the sample, only 16.3%, also displayed indicators of insider risk. The odds of a communication containing insider risk increased with the level of negative sentiment and only low levels of insider risk were found at low levels of negative sentiment. All of the emails found to contain insider risk indicators on the SIRDC also displayed some level of negative sentiment. The implications of these findings for insider risk detection were then examined.


Association of Threat Assessment Professionals. (2006). Risk assessment guideline elements for violence-Considerations for assessing the risk of future violent behavior. Retrieved from htttp://atapworldwide.org/associations/8976/files/documents/RAGE-V.pdf.

Averill, J. R. (1983). Studies on anger and aggression: Implications for theories of emotion. American Psychologist, 38: 1145-1160.

Band, S., Cappelli, D., Fischer, L, Moore, A, and Trezciek, R. (2006). Comparing insider IT sabotage and espionage: A model based approach. Carnegie Mellon, NY: Technical Report, Software Engineering Institute.

Brief, A. P., and Weiss, H. M. (2003). Organizational behavior: Affect in the workplace. Annual Review of Psychology, 53: 279-307.

Calhoun, F. and Weston, S. (2008). Threat assessment and management strategies: Identifying the howlers and hunters. Weston CRC Press. Computer Security Institute 2011 15th Annual Computer Security Institute 2010/2011 Survey, CSI. Retrieved from www.GoCSI.com.

Dalal, R. S. (2005). Meta-analysis of the relationship between organizational citizenship behavior and counterproductive work behavior. Journal of Applied Psychology, 90: 1241-1255.

Glomb, T. M., and Liao, H. (2003). Interpersonal aggression in work groups: Social influence, reciprocal, and individual effects. Academy of Management Journal, 46: 486-496.

Hansen, E. (2011). Manning-Lamo Chat Logs Revealed. Retrieved from http://www.wired.com/threatlevel/2011/07/manning-lamo-logs on July 13, 2011.

Hershcovis, M. S., and Barling, J. (2010). Towards a multi-foci approach to workplace aggression: A meta-analytic review of outcomes from different perpetrators. Journal of Organizational Behavior, 31: 24–44. doi: 10.1002/job.621.

Hershcovis, M. S., Turner, N., Barling, J., Inness, M., LeBlanc, M. M., Arnold, K. A., et al. (2007). Predicting workplace aggression: A meta-analysis. Journal of Applied Psychology, 92: 228-238.

Holton, C. (2009). Identifying disgruntled employee systems fraud risk through text mining: A simple solution for a multi-billion dollar problem. Decisions Support Systems, 4: 853-864.

Homles, T., Rahe, R., and Homes-Rahe. (1967). Social readjustment rating scale. Journal of Psychosomatic Research, 2.

Koch, Gary. (1982). Intraclass correlation coefficient, in Encyclopedia of Statistical Sciences, Samuel Kotz and Norman L. Johnson, 4. New York, NY: John Wiley & Sons. pp. 213–217.

MacLennan, R. N. (2003). Interrater reliability of police training simulations. Canadian Journal of Police and Security Services, 1: 202-209.

O’Neil, O. A., Vandenberg, R. J., DeJoy, D. M., and Wilson, M. G. (2009). Exploring relationships among Anger, perceived organizational support, and workplace outcomes. Journal of Occupational Health Psychology, 3: 318-333.

Sakurai, K. and Jex, S. M. (2012). Coworker incivility and incivility targets work effort and counterproductive work behaviors: The moderating role of supervisor social support. Journal of Occupational Health Psychology, 17: 150-161.

Schat, A. C., and Kelloway, E. K. (2005). Workplace aggression, in Handbook of Work Stress, Barling, J., Kelloway, K., and Frone, M, editors. Sage Publications, p. 189-218.

Shaw, E., and Fischer, L. F. (2005). Ten tales of betrayal: The threat to corporate infrastructures by information technology insiders analysis and observations. Defense Personnel Security Research Center, PERSEREC. Technical Report 05- 13. September 2005.

Shaw, E., Fischer, L. F., and Rose, A. E. (2009). Insider risk evaluation and audit. Technical report 9-02, Defense Personnel Security Research Center.

Shaw, E., and Stock, H. (2011). Behavioral risk indicators of malicious insider theft of intellectual property: Misreading the writing on the wall. Symantec Corporation, White Paper, December 7, 2011. http://investor.symantec.com/phoenix.zhtml?c=89422&p=irol-newsArticle

Smith, G. (2012). Opinion/Editorial: Why I Am Leaving Goldman Sachs. The New York Times, March 14, 2012, page A27.

U.S. Department of Justice (2010). Amerithrax Investigative Summary. Retrieved from http://www.justice.gov/amerithrax/docs/amx-investigativesummary.pdf.

United States District Court. (2009). District of Connecticut v. Hassan AbuJihaad. NO. 3:07CR57 .[MRK]: MEMORANDUM OF DECISION Dated at New Haven, Connecticut: March 4, 2009. Retrieved from http://jurist.law.pitt.edu/pdf/abujihaadhassan.pdf, pg. 12-20.

Weintraub, W. (1989). Verbal Behavior in Everyday Life. New York, NY: Springer.

Weintraub, W. (1981). Verbal Behavior: Adaptation and Psychopathology. New York, NY: Springer.

Wood S., and Marshall-Mies, J. C. (2003). Improving supervisor and coworker reporting of information of security concern. Defense Personnel Security Research Center. PERS-TR-02-3. Monterey, CA.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.