Analyzing Human Behavior Using Case-Based Reasoning with the Help of Forensic Questions

Whether programs are called data loss prevention, content monitoring and filtering, employee activity monitoring, counter corruption, insider trading, or fraud detection, organizations have increasingly implemented projects and initiatives to examine and address insider threats. Insider-perpetrated computer crime is committed by individuals who have permission to use a system, and it is, therefore, based on the actions of trusted users. Most information walks out the front door, not through the firewall. This paper presents a theoretical model for analyzing human behavior according to an organization´s compliance with legal, institutional, and organizational laws. The theory uses case-based reasoning (CBR) technologies in conjunction with directed acyclic graphs (DAG) and a Hamming similarity function. Defined paths and path deviations in the graphs can be classified to answer automated questions(W7) regarding compliance. The procedure for this model is borrowed from criminology and is referred to as compliance profiling.