Organizations' readiness for insider attacks: A process-oriented approach

被引:0
|
作者
AlGhamdi, Azzah A. [1 ,2 ,3 ,4 ]
Niazi, Mahmood [1 ,2 ]
Alshayeb, Mohammad [1 ,2 ]
Mahmood, Sajjad [1 ,2 ]
机构
[1] King Fahd Univ Petr & Minerals, Dept Informat & Comp Sci, Dhahran, Saudi Arabia
[2] King Fahd Univ Petr & Minerals, Interdisciplinary Res Ctr Intelligent Secure Syst, Dhahran, Saudi Arabia
[3] Imam Abdulrahman Bin Faisal Univ, Dept Comp Informat Syst, Al Khobar, Saudi Arabia
[4] King Fahd Univ Petr & Minerals, Dept Informat & Comp Sci, Dhahran 31261, Saudi Arabia
来源
SOFTWARE-PRACTICE & EXPERIENCE | 2024年 / 54卷 / 08期
关键词
best practices; insider attack; knowledge area; multivocal literature review; organizations; readiness model; SOFTWARE PROCESS IMPROVEMENT; USER ACCEPTANCE; MODEL; FRAMEWORK; THREATS; IMPLEMENTATION;
D O I
10.1002/spe.3327
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
Context: Organizations constantly strive to protect their assets from outsider attacks by implementing various security controls, such as data encryption algorithms, intrusion detection software, firewalls, and antivirus programs. Unfortunately, attackers strike not only from outside the organization but also from within. Such internal attacks are called insider attacks or threats, and the people responsible for them are insider attackers or insider threat agents. Insider attacks pose more significant risks and can result in greater organizational losses than outsider attacks. Thus, every organization should be vigilant regarding such attackers to protect its valuable resources from harm. Finding solutions to protect organizations from such attacks is critical. Despite the importance of this topic, little research has been conducted on providing solutions to mitigate insider attacks. Objective: This study aims to develop an organizational readiness model to assess an organization's readiness for insider attacks. Method: We conducted a multivocal literature review to identify practices that can be used to assess organizations' readiness against insider attacks. These practices were grouped into different knowledge areas of insider attacks for organizations. The insider attack readiness model was developed using identified best practices and knowledge areas: compliance, top management, human resources, and technical. Results: This model was evaluated at two levels-academic and real-world environments. The evaluation results show that the proposed model can identify organizations' readiness against insider attacks. Conclusion: The proposed model can guide organizations through a secure environment against insider attacks.
引用
收藏
页码:1565 / 1589
页数:25
相关论文
共 50 条
  • [11] Translation Metamorphosis: a process-oriented approach to onomastics
    Ilkhanipour, Negin
    PERSPECTIVES-STUDIES IN TRANSLATOLOGY, 2014, 22 (02): : 271 - 281
  • [12] (RE)TRANSLATION FROM A PROCESS-ORIENTED APPROACH
    Malta, Gleiton
    Fontes, Cristiane Silva
    Lourenco da Silva, Igor A.
    CADERNOS DE TRADUCAO, 2019, 39 (01): : 191 - 215
  • [13] The Application of Process-oriented Approach in English Writing
    张小艳
    科技信息, 2013, (16) : 209 - 210
  • [14] PROCESS-ORIENTED APPROACH TO ECOSYSTEM MODELING.
    Smerage, Glen H.
    1600, ISA, Pittsburgh, Pa
  • [15] On the Process-Oriented Approach in Oral English Teaching
    Li, Tao
    PROCEEDINGS OF THE SEVENTH NORTHWAST ASIA INTERNATIONAL SYMPOSIUM ON LANGUAGE, LITERATURE AND TRANSLATION, 2018, : 651 - 656
  • [16] A process-oriented approach to the biological removal of selenium
    Hrycenko, M
    Sobolewski, A
    PROCEEDINGS OF THE TWENTY-THIRD ANNUAL BRITISH COLUMBIA MINE RECLAMATION SYMPOSIUM: MINE DECOMMISSIONING, 1999, : 22 - 31
  • [17] Bangladeshi Migration to Singapore: A Process-oriented Approach
    Ullah, A. K. M. Ahsan
    SOUTH ASIA RESEARCH, 2018, 38 (03) : S98 - S100
  • [18] TOWARD AN ORGANIZATIONAL DSS - A PROCESS-ORIENTED APPROACH
    IYER, RK
    RAJA, MK
    HUMAN SYSTEMS MANAGEMENT, 1987, 7 (01): : 21 - 29
  • [19] Bangladeshi Migration to Singapore: A Process-Oriented Approach
    Chattoraj, Diotima
    SOJOURN-JOURNAL OF SOCIAL ISSUES IN SOUTHEAST ASIA, 2019, 34 (02) : 457 - 460
  • [20] A generic blood banking and transfusion process-oriented architecture for virtual organizations
    Rjoop, Anwar
    Elhaj, Shaima'
    Tbaishat, Dina
    Odeh, Yousra
    Mansour, Asem
    Odeh, Mohammed
    PLOS ONE, 2024, 19 (06):