Multiple case study approach to identify aggravating variables of insider threats in information systems
Source of Publication
Communications of the Association for Information Systems
© 2014 by the Association for Information Systems. Malicious insiders present a serious threat to information systems due to privilege of access, knowledge of internal computer resources, and potential threats on the part of disgruntled employees or insiders collaborating with external cybercriminals. Researchers have extensively studied insiders’ motivation to attack from the broader perspective of the deterrence theory and have explored the rationale for employees to disregard/overlook security policies from the perspective of neutralization theory. This research takes a step further: we explore the aggravating variables of insider threat using a multiple case study approach. Empirical research using black hat analysis of three case studies of insider threats suggests that, while neutralization plays an important role in insider attacks, it takes a cumulative set of aggravating factors to trigger an actual data breach. By identifying and aggregating the variables, this study presents a predictive model that can guide IS managers to proactively mitigate insider threats. Given the economic and legal ramifications of insider threats, this research has implications relevant both for both academics and security practitioners.
Association for Information Systems
Data breaches, Information systems security, Insider threat, Neutralization, Qualitative research
Nicho, Mathew and Kamoun, Faouzi, "Multiple case study approach to identify aggravating variables of insider threats in information systems" (2014). All Works. 2456.
Indexed in Scopus
Open Access Type
Bronze: This publication is openly available on the publisher’s website but without an open license