Multiple case study approach to identify aggravating variables of insider threats in information systems
Document Type
Article
Source of Publication
Communications of the Association for Information Systems
Publication Date
12-1-2014
Abstract
© 2014 by the Association for Information Systems. Malicious insiders present a serious threat to information systems due to privilege of access, knowledge of internal computer resources, and potential threats on the part of disgruntled employees or insiders collaborating with external cybercriminals. Researchers have extensively studied insiders’ motivation to attack from the broader perspective of the deterrence theory and have explored the rationale for employees to disregard/overlook security policies from the perspective of neutralization theory. This research takes a step further: we explore the aggravating variables of insider threat using a multiple case study approach. Empirical research using black hat analysis of three case studies of insider threats suggests that, while neutralization plays an important role in insider attacks, it takes a cumulative set of aggravating factors to trigger an actual data breach. By identifying and aggregating the variables, this study presents a predictive model that can guide IS managers to proactively mitigate insider threats. Given the economic and legal ramifications of insider threats, this research has implications relevant both for both academics and security practitioners.
DOI Link
ISSN
Publisher
Association for Information Systems
Volume
35
First Page
333
Last Page
356
Disciplines
Computer Sciences
Keywords
Data breaches, Information systems security, Insider threat, Neutralization, Qualitative research
Scopus ID
Recommended Citation
Nicho, Mathew and Kamoun, Faouzi, "Multiple case study approach to identify aggravating variables of insider threats in information systems" (2014). All Works. 2456.
https://zuscholars.zu.ac.ae/works/2456
Indexed in Scopus
yes
Open Access
yes
Open Access Type
Bronze: This publication is openly available on the publisher’s website but without an open license