Insider Threat and Information Security Management

Lizzie Coles-Kemp, Marianthi Theoharidou

Research output: Chapter in Book/Report/Conference proceedingChapter


The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementetion and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.
Original languageEnglish
Title of host publicationInsider Threats in Cyber Security
Subtitle of host publicationAdvances in Information Security
Number of pages26
Publication statusPublished - 2010

Cite this