Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Mining of E-Mails to Support Periodic & Continuous Assurance Glen L. Gray California State University at Northridge Roger Debreceny University of.

Published byCandice Melton Modified over 9 years ago

Similar presentations

Presentation on theme: "Data Mining of E-Mails to Support Periodic & Continuous Assurance Glen L. Gray California State University at Northridge Roger Debreceny University of."— Presentation transcript:

1 Data Mining of E-Mails to Support Periodic & Continuous Assurance Glen L. Gray California State University at Northridge Roger Debreceny University of Hawai`i at Mānoa 5th Symposium on Information Systems Assurance Toronto: October 2007

2 In this Presentation Continuous monitoring of emails – why? Technologies Social Network Analysis Text analysis Challenges Opportunities

3 Continuous Monitoring of Emails – Why? Increased focus on forensic approaches to auditing Increased interest in continuous assurance and monitoring of business processes Emails = Organization’s DNA Evidential matter on: Employee & management fraud (overrides) Compliance (e.g., HIPAA) Loss of intellectual property Corporate policies

4 Enron Email Archive Released by Federal Energy Regulatory Commission 500K emails 151 Enron employees Cleaned version at Carnegie Mellon www.cs.cmu.edu/~enron/ www.cs.cmu.edu/~enron/ Relational DB version at USC www.isi.edu/~adibi/Enron/Enron_Dataset_R eport.pdf www.isi.edu/~adibi/Enron/Enron_Dataset_R eport.pdf

5 Email Mining Targets

6 Content Analysis

7 Key Word Queries Yes, people do say self-incriminating things in their emails Fraud Corporate dysfunction Overwhelming false positives Need “smart” compound queries Good continuous auditing (CA) candidate Already scanning for spam, porn, etc.

8 Sender Deception -- Content Deceptive emails include: Fewer first-person pronouns to dissociate themselves from their own words Fewer exclusive words, such as but and except, to indicate a less complex story More negative emotion words because of the sender’s underlying feeling of guilt More action verbs to, again, indicate a less complex story

9 Sender Deception -- Identification Writeprint features Lexical -- characters & words Function words Root words Syntactic -- sentences Structural -- paragraphs Content-specific

10 Sender Deception -- Identification Number of potential features unlimited Optimum number can vary by context and language Developing user profiles and comparing new emails to profiles would be challenging for real-time CA

11 Temporal/Log Analysis

12 Volume & Velocity Volume = number of emails a person sends and/or receives over a period of time. Velocity = how quickly the volume changes. Many external factors (e.g., vacations, seasonal activities, etc.) impact these numbers Need “rolling histogram”

13 Volume & Velocity Key issue -- determining the optimum time intervals to sample the data Continuous monitoring cannot be continuous in terms of sampling in real time Comparing hourly, daily, and even weekly volumes and velocities will result in many false positives Optimum time internal could vary by job title

14 Social Network Analysis

15 Social relationships as an undirected graph Importance of understanding relationships within the flow of email exchanges

16 Social Network Analysis in Emails Emails semi-structured data sender primary recipient(s) copied recipient(s) date subject line Social groups and cliques CA = who doesn’t belong?

17 Thread Analysis – This? Time S R C C SR C C R C C S S R C C

18 Thread Analysis – Or this? Time S R C C S R R C S C R RS R

19 Integrating Content Analysis and Social Network Analysis

20 Challenges of Email Mining Textual Inconsistent use of abbreviations Misspelled words Smileys etc. etc. Replies, replies, and more replies… Inability to identify: Identities of email participants anon@anon.mail.sender.net Roles and responsibilities

21 What Enron Emails Show? People do say the darnest things What did he know and when did he know it? Verified numerous bodies of email data mining research Content analysis Social network analysis

22 Tools Content monitoring eSoft Corporation’s ThreatWall Symantec’s Mail Security 8x00 Series Vericept Corporation’s Vericept Content 360º Reconnex Corporation’s iGuard Appliance InBoxer, Inc. Anti-Risk Appliance Social networks Microsoft SNARF Heer Vizter

23 Research Opportunities

24 Research Questions Role of email monitoring in overall CA environment? Join SNA with examination of textual patterns. Link SNA with control environment Frauds/control overrides footprint? What email cleaning is required for CA purposes? Privacy and policy issues? Lessons from existing commercial products?

25 Your Questions Thank You glen.gray@csun.edu glen.gray@csun.edu rogersd@hawaii.edu

Download ppt "Data Mining of E-Mails to Support Periodic & Continuous Assurance Glen L. Gray California State University at Northridge Roger Debreceny University of."

Similar presentations

Every student. every classroom. every day. February 13, 2008 Multi-Year Fiscal Sustainability Plan: 2008 - 2011.

Every student. every classroom. every day. February 13, 2008 Multi-Year Fiscal Sustainability Plan:
IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy.

IAPP CONFIDENTIAL Insider Leakage Threatens Privacy.
Microsoft ® Exchange Online Advanced Security Name Title Microsoft Corporation.

Microsoft ® Exchange Online Advanced Security Name Title Microsoft Corporation.
Provide a platform built on security, privacy, and trust Maintain an evergreen service Offer highly configurable and scalable services.

Provide a platform built on security, privacy, and trust Maintain an evergreen service Offer highly configurable and scalable services.
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
Social Media Networking Sites Charlotte Jenkins Designing the Social Web 06-10-2011.

Social Media Networking Sites Charlotte Jenkins Designing the Social Web
04b | Manage Test Execution (2 of 2) Steven Borg | Co-founder & Strategist, Northwest Cadence Anthony Borton | ALM Consultant, Enhance ALM.

04b | Manage Test Execution (2 of 2) Steven Borg | Co-founder & Strategist, Northwest Cadence Anthony Borton | ALM Consultant, Enhance ALM.
Data Mining As A Continuous Auditing Tool for “Soft Information”: A Research Question A Research Proposal By J. Donald Warren, Jr. Rutgers University Fifth.

Data Mining As A Continuous Auditing Tool for “Soft Information”: A Research Question A Research Proposal By J. Donald Warren, Jr. Rutgers University Fifth.
Centers for IBM e-Business Innovation :: Chicago © 2005 IBM Corporation IBM Project October 2005.

Centers for IBM e-Business Innovation :: Chicago © 2005 IBM Corporation IBM Project October 2005.
Roger S. Debreceny Shidler College of Business University of Hawai‘i at Mānoa Glen L. Gray College of Business & Economics California State University,

Roger S. Debreceny Shidler College of Business University of Hawai‘i at Mānoa Glen L. Gray College of Business & Economics California State University,
Dobrin / Keller / Weisser : Technical Communication in the Twenty-First Century. © 2008 Pearson Education. Upper Saddle River, NJ, 07458. All Rights Reserved.

Dobrin / Keller / Weisser : Technical Communication in the Twenty-First Century. © 2008 Pearson Education. Upper Saddle River, NJ, All Rights Reserved.
August 15 click! 1 Email Basics Kitsap Regional Library.

August 15 click! 1 Basics Kitsap Regional Library.
A RESEARCH TAXONOMY: THE APPLICATION OF DATA MINING TO FRAUD DETECTION Glen L. Gray California State University at Northridge Roger Debreceny University.

A RESEARCH TAXONOMY: THE APPLICATION OF DATA MINING TO FRAUD DETECTION Glen L. Gray California State University at Northridge Roger Debreceny University.
What’s New in Exchange Online. Disclaimer This presentation contains preliminary information that may be changed substantially prior to final commercial.

What’s New in Exchange Online. Disclaimer This presentation contains preliminary information that may be changed substantially prior to final commercial.
© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.

© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.
EXL302-R. Storage Management Balance mailbox size demands with available storage resources Reduce the proliferation of.PST files stored outside of IT.

EXL302-R. Storage Management Balance mailbox size demands with available storage resources Reduce the proliferation of.PST files stored outside of IT.
WRITE E-MAIL MARKETING COPY and EXECUTE TARGETED E-MAILS 3.07.

WRITE MARKETING COPY and EXECUTE TARGETED S 3.07.
Governance, Risk, and Compliance Bill Greene Senior Industry Director.

Governance, Risk, and Compliance Bill Greene Senior Industry Director.
Hello Employee, Welcome to MStreamIT!

Hello Employee, Welcome to MStreamIT!
Query Health Business Working Group Kick-Off September 8, 2011.

Query Health Business Working Group Kick-Off September 8, 2011.

Similar presentations

Ads by Google