Redefining insider threats: a distinction between insider hazards and insider threats

被引:0
|
作者
Mathias Reveraert
Tom Sauer
机构
[1] Universiteit Antwerpen Faculteit Politieke en Sociale Wetenschappen,
[2] Universiteit Antwerpen Faculteit Politieke en Sociale Wetenschappen,undefined
来源
Security Journal | 2021年 / 34卷
关键词
Insider threat; Insider hazard; Organizational culture; Organizational behavior; Security policy; Trust;
D O I
暂无
中图分类号
学科分类号
摘要
This article suggests a new definition of insiders and insider threats. It refrains from applying a harm-oriented perspective that concentrates on the insider’s intention to cause harm because it defines the insider threat either too narrow or too broad. Instead, a privilege-oriented perspective is applied that focuses on the insider’s intention to misuse his privileged access to or knowledge about the organizational assets. Because existing privilege-oriented definitions refrain from making an explicit and clear-cut division between intentional and unintentional misuse of privilege, a new conceptualization is suggested that distinguishes insider hazards from insider threats. If the insider unintentionally misuses his insider privilege, it concerns an insider hazard. If the insider intentionally misuses his insider privilege, it is regarded as an insider threat.
引用
收藏
页码:755 / 775
页数:20
相关论文
共 50 条
  • [1] Redefining insider threats: a distinction between insider hazards and insider threats
    Reveraert, Mathias
    Sauer, Tom
    SECURITY JOURNAL, 2021, 34 (04) : 755 - 775
  • [2] Insider threats
    Hobbs, Christopher
    INTERNATIONAL AFFAIRS, 2019, 95 (03) : 725 - 726
  • [3] Identifying Indicators of Insider Threats: Insider IT Sabotage
    Claycomb, William R.
    Huth, Carly L.
    Phillips, Brittany
    Flynn, Lori
    McIntire, David
    2013 47TH INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST), 2013,
  • [4] Social engineering and Insider threats
    LiuXiangyu
    LiQiuyang
    Chandel, Sonali
    2017 INTERNATIONAL CONFERENCE ON CYBER-ENABLED DISTRIBUTED COMPUTING AND KNOWLEDGE DISCOVERY (CYBERC), 2017, : 25 - 34
  • [5] Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats
    Hu, Teng
    Xin, Bangzhou
    Liu, Xiaolei
    Chen, Ting
    Ding, Kangyi
    Zhang, Xiaosong
    SENSORS, 2020, 20 (18) : 1 - 18
  • [6] A primer on insider threats in cybersecurity
    Prabhu, Sunitha
    Thompson, Nik
    INFORMATION SECURITY JOURNAL, 2022, 31 (05): : 602 - 611
  • [7] Isabelle Modelchecking for Insider Threats
    Kammuller, Florian
    DATA PRIVACY MANAGEMENT AND SECURITY ASSURANCE, 2016, 9963 : 196 - 210
  • [8] Modelling of Enterprise Insider Threats
    Roy, Puloma
    Mazumdar, Chandan
    2015 INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY (ICISSP), 2015, : 132 - 136
  • [9] Identifying and Mitigating Insider Threats
    Probst, Christian W.
    IT-INFORMATION TECHNOLOGY, 2011, 53 (04): : 202 - 206
  • [10] Insider Threats in Information Security
    Elmrabit, Ncbrase
    Yang, Shuang-Hua
    Yang, Lili
    2015 21ST INTERNATIONAL CONFERENCE ON AUTOMATION AND COMPUTING (ICAC), 2015, : 108 - 113
12345