Multiple Case Study Approach to Identify Aggravating Variables of Insider Threats in Information Systems

Malicious insiders present a serious threat to information systems due to privilege of access, knowledge of internal computer resources, and potential threats on the part of disgruntled employees or insiders collaborating with external cybercriminals. Researchers have extensively studied insiders’ motivation to attack from the broader perspective of the deterrence theory and have explored the rationale for employees to disregard/overlook security policies from the perspective of neutralization theory. This research takes a step further: we explore the aggravating variables of insider threat using a multiple case study approach. Empirical research using black hat analysis of three case studies of insider threats suggests that, while neutralization plays an important role in insider attacks, it takes a cumulative set of aggravating factors to trigger an actual data breach. By identifying and aggregating the variables, this study presents a predictive model that can guide IS managers to proactively mitigate insider threats. Given the economic and legal ramifications of insider threats, this research has implications relevant both for both academics and security practitioners

A Decade in Review: Aligning Information Systems Security (ISS) with the NICE framework

Information systems security (ISS) research has emerged increasing consistently since the 1970s through the 2000’s with significant connections to the organizations, the users, and the technology. Work has been done to better understand what knowledge is necessary with developments such as the National Initiative for Cybersecurity Education (NICE) framework. As ISS research exists at the intersection of technology, people, and organizations, IS researchers are uniquely qualified to contribute to this burgeoning area. As we continue to contribute, we should do so mindfully of how it draws on our strengths, and contributes to the identity of the discipline, as well as the evolving nature subject matter. Utilizing the NICE framework, we perform a decade long assessment of ISS research within top IS journals. We identify major themes in ISS research, and identify gaps where future IS researchers may be able to contribute

The AI Family: The Information Security Managers Best Frenemy?

In this exploratory study, we deliberately pull apart the Artificial from the Intelligence, the material from the human. We first assessed the existing technological controls available to Information Security Managers (ISMs) to ensure their in-depth defense strategies. Based on the AI watch taxonomy, we then discuss each of the 15 technologies and their potential impact on the transformation of jobs in the field of security (i.e., AI trainers, AI explainers and AI sustainers). Additionally, in a pilot study we collect the evaluation and the narratives of the employees (n=6) of a small financial institution in a focus group session. We particularly focus on their perception of the role of AI systems in the future of cyber security

Multiple case study approach to identify aggravating variables of insider threats in information systems

© 2014 by the Association for Information Systems. Malicious insiders present a serious threat to information systems due to privilege of access, knowledge of internal computer resources, and potential threats on the part of disgruntled employees or insiders collaborating with external cybercriminals. Researchers have extensively studied insiders’ motivation to attack from the broader perspective of the deterrence theory and have explored the rationale for employees to disregard/overlook security policies from the perspective of neutralization theory. This research takes a step further: we explore the aggravating variables of insider threat using a multiple case study approach. Empirical research using black hat analysis of three case studies of insider threats suggests that, while neutralization plays an important role in insider attacks, it takes a cumulative set of aggravating factors to trigger an actual data breach. By identifying and aggregating the variables, this study presents a predictive model that can guide IS managers to proactively mitigate insider threats. Given the economic and legal ramifications of insider threats, this research has implications relevant both for both academics and security practitioners

Characteristics of Malicious Insiders and Their Relationships with Different Types of Malicious Attacks

Malicious insiders continue to pose a great threat to organizations. With their knowledge and access to organizational resources, malicious insiders could launch attacks more easily that result in more damaging impacts compared to outsiders. However, empirical research about malicious insiders is rare due to the unavailability of data. With few exceptions, many studies focus on a small number of cases. In order to identify common characteristics of a large number of malicious insiders, these studies employ text mining to analyze 133 real-world cases of offenders from military units, intelligence agencies, and business organizations with data available to public. I first compare malicious insiders sample with the general public then to the sample of benign insiders. The results show that the prevalence of antisocial personality disorder, avoidant personality disorder, disruptive mood dysregulation disorder and disgruntlement among malicious insider are higher than the general public and the sample of benign insiders. Also, the prevalence of interactions of disgruntlement and personality disorders among malicious insiders are higher than the benign insiders. The final study found that the emotional characteristics of malicious insiders are more associated with expressive attacks, on the other side, cognitive characteristics are more associated with instrumental attacks. Contributions of this study reside in two aspects: first, I utilize public data from documented malicious insider cases, implying a potentially valuable data source for future studies in this domain; second, I validate malicious insider characteristics identified in previous research, thereby establishing a foundation for more comprehensive research in the future.Management Information Systems (MS

Cyber defensive capacity and capability::A perspective from the financial sector of a small state

This thesis explores ways in which the financial sectors of small states are able todefend themselves against ever-growing cyber threats, as well as ways these states can improve their cyber defense capability in order to withstand current andfuture attacks. To date, the context of small states in general is understudied. This study presents the challenges faced by financial sectors in small states with regard to withstanding cyberattacks. This study applies a mixed method approach through the use of various surveys, brainstorming sessions with financial sector focus groups, interviews with critical infrastructure stakeholders, a literature review, a comparative analysis of secondary data and a theoretical narrative review. The findings suggest that, for the Aruban financial sector, compliance is important, as with minimal drivers, precautionary behavior is significant. Countermeasures of formal, informal, and technical controls need to be in place. This study indicates the view that defending a small state such as Aruba is challenging, yet enough economic indicators indicate it not being outside the realm of possibility. On a theoretical level, this thesis proposes a conceptual “whole-of-cyber” model inspired by military science and the VSM (Viable Systems Model). The concept of fighting power components and governance S4 function form cyber defensive capacity’s shield and capability. The “whole-of-cyber” approach may be a good way to compensate for the lack of resources of small states. Collaboration may be an only out, as the fastest-growing need will be for advanced IT skillsets