The insider threat to information systems and the effectiveness of ISO17799

Computers and Security

Volumn 24, Issue 6, 2005, Pages 472-484

  Theoharidou, Marianthi ^a   Kokolakis, Spyros ^b   Karyda, Maria ^a   Kiountouzis, Evangelos ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

^b UNIVERSITY OF THE AEGEAN   (Greece)

Author keywords

Computer misuse; Criminology theories; Insider threat; IS security management; ISO17799

Indexed keywords

COMPUTER CRIME; SECURITY OF DATA; SECURITY SYSTEMS; STANDARDS;

COMPUTER MISUSE; CRIMINOLOGY THEORIES; INSIDER THREAT; IS SECURITY MANAGEMENT; ISO17799;

COMPUTER SYSTEMS;

EID: 24644470542     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2005.05.002     Document Type: Article

References (37)

1. R. Agnew Testing the leading crime theories: an alternative strategy focusing on motivational process Journal of Research in Crime and Delinquency 32 4 1995 363 398
2. I. Ajzen, and M. Fishbein Understanding attitudes and predicting social behaviour 1980 Prentice-Hall Englewood Cliffs, NJ
3. I. Ajzen Perceived behavioral control, self-efficacy, locus of control, and the theory of planned behaviour Journal of Applied Social Psychology 32 2002 665 683
4. R.L. Akers Deviant behavior: a social learning perspective 1977 Belmont, CA
5. C. Beccaria On crime and punishments 1963 Bobbs Merril Indianapolis, IN
6. A. Blumstein Introduction A. Blumstein J. Cohen D. Nagin Deterrence and incapacitation: estimating the effects of criminal sanctions on crime rates 1978 National Academy of Sciences Washington, DC
7. R.V. Clarke Situational crime prevention: theory and practice British Journal of Criminology 20 1980 136 137
8. Department of Defense, Insider Threat Integrated Process Team (DoD-ITIPT) DoD insider threat mitigation 2000 U.S. Department of Defense Available online at http://www.defenselink.mil/c3i/org/sio/iptreport4_26dbl.doc [accessed 01-Apr-05]
9. Department of Trade and Industry Information security breaches 2004 Available online at http://www.dti.gov.uk/industry_files/pdf/isbs_2004v3.pdf 2004 [accessed 01-Apr-05]
10. G. Dhillon, and S. Moores Computer crimes: theorizing about the enemy within Computers and Security 20 8 2001 715 723
11. A. Giddens Sociology 4th ed. 2001 Polity Press Cambridge, UK
12. S. Hinde The law, cybercrime, risk assessment and cyber protection Computers and Security 22 2 2003 90 95
13. T. Hirschi Causes of delinquency 1969 University of California Press Berkeley, CA
14. R.C. Hollinger Acts against the workplace: social bonding and employee deviance Deviant Behaviour 7 1986 53 75
15. R.C. Hollinger Crime by computer: correlates of software piracy and unauthorized account access Security Journal 4 1 1993 2 12
16. K. Höne, and J.H. Eloff Information security policy - what do international information security standards say? Computers and Security 21 5 2002 402 409
17. ISO/IEC Information technology - code of practice for information security management 2000 ISO/IEC 17799: 2000(E), Geneva, Switzerland
18. J. Leach Improving user security behaviour Computers and Security 22 8 2003 685 692
19. J. Lee, and Y. Lee A holistic model of computer abuse within organisations Information Management and Computer Security 10 2 2002 57 63
20. S.M. Lee, S. Lee, and Y. Sangjin An integrative model of computer abuse based on social control and general deterrence theories Information and Management 41 6 2003 707 718
21. Magklaras GB, Furnell SM. A preliminary model of end user sophistication for insider threat prediction in IT systems, Computers and Security, in press. doi:10.1016/j.cose.2004.10.003.
22. J. Mingers Multi-paradigm multimethodology J. Mingers A. Gill Multimethodology: the theory and practice of combining management science methodologies 1997 J.Wiley & Sons Ltd 1 20
23. P.G. Neumann The challenges of insider misuse Proceedings of the workshop on preventing, detecting, and responding to malicious insider misuse August 1999 RAND Corp Santa Monica, CA
24. NSTISSAM Advisory memorandum on the insider threat to U.S. government information systems US NSTISSC. Available online at http://www.cnss.gov/ 1999 [accessed 01-Apr-05]
25. D.B. Parker Fighting computer crime: a new framework for protecting information 1998 John Wiley and Sons New York, NY
26. D. Porter Insider fraud: spotting the wolf in sheep's clothing Computer Fraud and Security 2003 4 2003 12 15
27. E.E. Schultz A framework for understanding and predicting insider attacks Computers and Security 21 6 2002 526 531
28. W.F. Skinner, and A.M. Fream A social learning theory analysis of computer abuse among college students Journal of Research in Crime and Delinquency 34 4 1997 495 518
29. J.M. Stanton, K.R. Stam, P. Mastrangelo, and J. Jolton Analysis of end user security behaviours Computers and Security 24 2 2005 124 133
30. D.W. Straub Effective IS security: an empirical study Information System Research 1 3 1990 255 276
31. D.W. Straub, and R.J. Welke Coping with systems risk: security planning models for management decision making MIS Quarterly 22 4 1998 441 465
32. E. Sutherland Criminology 1924 J.B. Lippincott Philadelphia
33. Tuglular T. A preliminary structural approach to insider computer misuse incidents. In: Proceedings of EICAR 2000 international conference, Brussels, Belgium; March 2000.
34. Y. Vardi, and Y. Wiener Misbehavior in organisations: a motivational framework Organization Science 7 2 1996 151 165
35. R. Willison Understanding and addressing criminal opportunity: the application of situational crime prevention to IS security Working Paper Series 100 2001 Department of Information Systems, London School of Economics and Political Science
36. Willison R. Understanding the offender/environment dynamic for computer crimes: assessing the feasibility of applying criminological theory to the IS security context. In: Proceedings of the 37th Hawaii international conference on system sciences; 2004.
37. B.J. Wood An insider threat model for adversary simulation R. Anderson T. Bozek T. Longstaff W. Meitzler M. Skroch K. van Wyk Research on mitigating the insider threat to information systems - #2 2000 RAND Publ. Santa Monica, CA