Considerable research on insider threats is directed at developing new technologies. At the same time, existing technology is not being fully utilized because of non-technological issues that pertain to economics and the human dimension. Issues related to how insiders actually behave are critical to ensuring that the best technologies meet their intended purpose. In our research, we have investigated accepted models of perceptions of risk and characteristics unique to insider threat, and we have introduced ordinal scales to these models to measure insider perceptions of risk. We have also investigated decision theories, leading to the conclusion that prospect theory, developed by Tversky and Kahneman, may be used to describe the risk-taking behavior of insiders and can be accommodated in our model. Our results indicate that there is an inverse relationship between perceived risk and benefit by insiders and that their behavior cannot be explained well by models based on the traditional methods of engineering risk analysis and expected utility. We discuss the results of validating that model with forty-two senior information security executives from a variety of organizations. We also discuss how the model may be used to identify characteristics of insiders' perceptions of risk and benefit and their risk-taking behavior, and how to frame insider decisions. Finally, we recommend understanding the risk of detection and creating a fair working environment to reduce the likelihood of insiders committing criminal acts.