Insider Threat and Information Security Management

Lizzie Coles-Kemp; Marianthi Theoharidou

doi:10.1007/978-1-4419-7133-3_3

Insider Threat and Information Security Management

Lizzie Coles-Kemp, Marianthi Theoharidou

Department of Information Security

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementetion and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.

Original language	English
Title of host publication	Insider Threats in Cyber Security
Subtitle of host publication	Advances in Information Security
Publisher	Springer
Pages	45-71
Number of pages	26
Volume	49
DOIs	https://doi.org/10.1007/978-1-4419-7133-3_3
Publication status	Published - 2010

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-1-4419-7133-3_3

Cite this

@inbook{b3c3f5d0d9c04a4b892e1436860320e2,

title = "Insider Threat and Information Security Management",

abstract = "The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementetion and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.",

author = "Lizzie Coles-Kemp and Marianthi Theoharidou",

year = "2010",

doi = "10.1007/978-1-4419-7133-3_3",

language = "English",

volume = "49",

pages = "45--71",

booktitle = "Insider Threats in Cyber Security",

publisher = "Springer",

}

TY - CHAP

T1 - Insider Threat and Information Security Management

AU - Coles-Kemp, Lizzie

AU - Theoharidou, Marianthi

PY - 2010

Y1 - 2010

N2 - The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementetion and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.

AB - The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementetion and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.

U2 - 10.1007/978-1-4419-7133-3_3

DO - 10.1007/978-1-4419-7133-3_3

M3 - Chapter

VL - 49

SP - 45

EP - 71

BT - Insider Threats in Cyber Security

PB - Springer

ER -