Mathew Nicho
Multiple case study approach to identify aggravating variables of insider threats in information systems.
Nicho, Mathew; Kamoun, Faouzi
Authors
Faouzi Kamoun
Abstract
Malicious insiders present a serious threat to information systems due to privilege of access, knowledge of internal computer resources, and potential threats on the part of disgruntled employees or insiders collaborating with external cybercriminals. Researchers have extensively studied insiders motivation to attack from the broader perspective of the deterrence theory and have explored the rationale for employees to disregard/overlook security policies from the perspective of neutralization theory. This research takes a step further: we explore the aggravating variables of insider threat using a multiple case study approach. Empirical research using black hat analysis of three case studies of insider threats suggests that, while neutralization plays an important role in insider attacks, it takes a cumulative set of aggravating factors to trigger an actual data breach. By identifying and aggregating the variables, this study presents a predictive model that can guide IS managers to proactively mitigate insider threats. Given the economic and legal ramifications of insider threats, this research has implications relevant both for both academics and security practitioners.
Citation
NICHO, M. and KAMOUN, F. 2014. Multiple case study approach to identify aggravating variables of insider threats in information systems. Communications of the association for information systems [online], 35, Article 18. Available from: http://aisel.aisnet.org/cais/vol35/iss1/18
Journal Article Type | Article |
---|---|
Acceptance Date | Dec 31, 2014 |
Online Publication Date | Dec 31, 2014 |
Publication Date | Dec 31, 2014 |
Deposit Date | Sep 17, 2015 |
Publicly Available Date | Sep 17, 2015 |
Journal | Communications of the association for information systems |
Electronic ISSN | 1529-3181 |
Publisher | Association for Information Systems |
Peer Reviewed | Not Peer Reviewed |
Volume | 35 |
Article Number | 18 |
Keywords | Insider threat; Neutralisation; Data breaches; Information systems security; Qualitative research |
Public URL | http://hdl.handle.net/10059/1297 |
Publisher URL | http://aisel.aisnet.org/cais/vol35/iss1/18 |
Files
NICHO 2014 Multiple case study approach
(748 Kb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by-nc-nd/4.0/