Percolation Model of Insider Threats to Assess the Optimum Number of Rules
This addresses the challenge of insider threat management for organizations by providing a theoretical framework to assess regulatory regimes, though it is incremental as it builds on existing percolation models from physics.
The paper tackles the problem of finding an optimal number of rules to balance over-regulation and under-regulation in work environments, using a Toy Model to identify four regimes (under-regulated, possibly optimal, tipping-point, and over-regulated) based on the number of rules and minimum latitude required for normal individuals.
Rules, regulations, and policies are the basis of civilized society and are used to coordinate the activities of individuals who have a variety of goals and purposes. History has taught that over-regulation (too many rules) makes it difficult to compete and under-regulation (too few rules) can lead to crisis. This implies an optimal number of rules that avoids these two extremes. Rules create boundaries that define the latitude an individual has to perform their activities. This paper creates a Toy Model of a work environment and examines it with respect to the latitude provided to a normal individual and the latitude provided to an insider threat. Simulations with the Toy Model illustrate four regimes with respect to an insider threat: under-regulated, possibly optimal, tipping-point, and over-regulated. These regimes depend up the number of rules (N) and the minimum latitude (Lmin) required by a normal individual to carry out their activities. The Toy Model is then mapped onto the standard 1D Percolation Model from theoretical physics and the same behavior is observed. This allows the Toy Model to be generalized to a wide array of more complex models that have been well studied by the theoretical physics community and also show the same behavior. Finally, by estimating N and Lmin it should be possible to determine the regime of any particular environment.