Multiple case study approach to identify aggravating variables of insider threats in information systems

Document Type

Article

Source of Publication

Communications of the Association for Information Systems

Publication Date

12-1-2014

Abstract

© 2014 by the Association for Information Systems. Malicious insiders present a serious threat to information systems due to privilege of access, knowledge of internal computer resources, and potential threats on the part of disgruntled employees or insiders collaborating with external cybercriminals. Researchers have extensively studied insiders’ motivation to attack from the broader perspective of the deterrence theory and have explored the rationale for employees to disregard/overlook security policies from the perspective of neutralization theory. This research takes a step further: we explore the aggravating variables of insider threat using a multiple case study approach. Empirical research using black hat analysis of three case studies of insider threats suggests that, while neutralization plays an important role in insider attacks, it takes a cumulative set of aggravating factors to trigger an actual data breach. By identifying and aggregating the variables, this study presents a predictive model that can guide IS managers to proactively mitigate insider threats. Given the economic and legal ramifications of insider threats, this research has implications relevant both for both academics and security practitioners.

ISSN

1529-3181

Publisher

Association for Information Systems

Volume

35

First Page

333

Last Page

356

Disciplines

Computer Sciences

Keywords

Data breaches, Information systems security, Insider threat, Neutralization, Qualitative research

Scopus ID

84921803419

Indexed in Scopus

yes

Open Access

yes

Open Access Type

Bronze: This publication is openly available on the publisher’s website but without an open license

Share

COinS