A canonical analysis of intentional information security breaches by insiders

Information Management & Computer Security

Volumn 17, Issue 4, 2009, Pages 296-310

  Shropshire, Jordan ^a  

^a GEORGIA SOUTHERN UNIVERSITY   (United States)

Author keywords

Behaviour; Data security; Motivation (psychology)

Indexed keywords

CANONICAL ANALYSIS; DATA SECURITY; DESIGN/METHODOLOGY/APPROACH; INFORMATION SECURITY; MOTIVATION (PSYCHOLOGY); SECURITY BREACHES; SUBSTANCE ABUSE; WARNING SIGNS;

CRIME; MOTIVATION; NETWORK SECURITY;

INFORMATION TECHNOLOGY;

EID: 76649136483     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220910993962     Document Type: Article

References (53)

1. Aldhizer, G. (2007), “The insider threat”, Internal Auditor, Vol. 65 No. 2, pp. 71-3.
2. Ambrose, M., Seabright, M. and Schminke, M. (2000), “Sabotage in the workplace: the role of organizational injustice”, Organizational Behavior and Human Decision Processes, Vol. 89 No. 1, pp. 947-66.
3. Band, S., Cappelli, D., Moore, A. and Shaw, E. (2006), Comparing Insider Sabotage and Espionage: A Model-Based Analysis, Defense Personnel Security Research Center, Monterey, CA.
4. Barton, L. (2008), Crisis Leadership Now: A Real World Guide to Preparing for Threats, Disaster, Sabotage, and Scandal, McGraw-Hill, New York, NY.
5. Bechtoldt, M., Welk, C., Hartig, J. and Zapf, D. (2007), “Main and moderating effects of self-control, organizational justice, and emotional labor on counterproductive behavior at work”, European Journal of Work and Organizational Psychology, Vol. 16 No. 4, pp. 479-500.
6. Belsis, P., Kokolakis, S. and Kiountouzis, E. (2005), “Information systems security from a knowledge management perspective”, Information Management & Computer Security, Vol. 13 No. 3, pp. 189-202.
7. Bolin, A. and Heatherly, L. (2001), “Predictors of employee deviance: the relationship between bad attitudes and bad behaviors”, Journal of Business and Psychology, Vol. 15 No. 3, pp. 405-18.
8. Cappelli, D., Desai, A., Moore, A., Shimeall, T., Weaver, E. and Willke, B. (2006), “Management and education of the risk of insider threat (MERIT)”, Proceedings of the 24th International Systems Dynamics Conference, Nijmegen, The Netherlands.
9. Crawford, K. and Bosshardt, M. (1993), Assessment of Position Factors that Increase Vulnerability to Espionage, Defense Personnel Security Research Center, Monterey, CA.
10. Galperin, B. and Burke, R. (2006), “Uncovering the relationship between workplace destructive and constructive behaviors: an exploratory study”, International Journal of Human Resource Management, Vol. 17 No. 2, pp. 331-47.
11. Gengler, B. (2002), “HP's Superdome sabotaged by ex-employee”, Computer Fraud & Security, Vol. 2 No. 1, pp. 5-6.
12. Gerrard, N. (2008), “Three year jail sentence for Carillion worker”, Contract Journal, Vol. 44 No. 3, p. 39.
13. Giacalone, R. (1987), “Reasons for employee sabotage in the workplace”, Journal of Business and Psychology, Vol. 1 No. 4, pp. 367-78.
14. Gottschalk, P. and Solli, H. (2006), “Maturity model for IT outsourcing relationships”, Industrial Management & Data Systems, Vol. 106 No. 2, pp. 200-12.
15. Granade, P. (2008), “Lost or stolen data: minimizing fallout”, Inside Counsel, Vol. 18 No. 2, p. 7.
16. Hair, J., Anderson, R., Tatham, R. and Black, W. (1998), Multivariate Data Analysis, 5th ed., Prentice-Hall, New York, NY.
17. Herbig, K. and Wiskoff, M. (2002), Espionage Against the United States by American Citizens, 1947-2001, Defense Personnel Security Research Center, Monterey, CA.
18. Herzog, A. and Shahmehri, N. (2007), “Usable set-up of runtime security policies”, Information Management & Computer Security, Vol. 15 No. 5, pp. 394-407.
19. Isreal, R. (2007), “Building an endpoint security arsenal”, Health Management Technology, Vol. 28 No. 7, pp. 12-36.
20. Kamath, J. and Flinders, K. (2008), “HMRC left the door open to data theft”, Computer Weekly, Vol. 14 No. 28, pp. 6-7.
21. Kamp, J. and Brooks, P. (1991), “Perceived organizational climate and employee counterproductively”, Business and Psychology, Vol. 5 No. 4, pp. 447-58.
22. Karmarkar, U. (2004), “Will you survive the services revolution”, Harvard Business Review, Vol. 82 No. 6, pp. 100-7.
23. Knapp, K., Marshall, T., Rainer, K. and Ford, F. (2006), “Information security: management's effect on culture and policy”, Information Management & Computer Security, Vol. 14 No. 4, pp. 24-36.
24. Kulas, J., McInnerney, J., DeMuth, J. and Jadwinski, V. (2007), “Employee satisfaction and theft: testing climate perceptions as a mediator”, Journal of Psychology, Vol. 14 No. 1, pp. 389-402.
25. Kumbakara, N. (2008), “Managed IT services: the role of IT standards”, Information Management & Computer Security, Vol. 16 No. 4, pp. 336-59.
26. McAlearney, S. (2008), “Endpoint security holes open a door for hackers”, CIO Magazine, Vol. 21 No. 20, p. 13.
27. McCrea, A. (2008), “Case of insider sabotage at Omega Engineering”, Business Case Journal, Vol. 15 No. 1, pp. 61-73.
28. Mangione, T. and Quinn, R. (1974), “Job satisfaction, counterproductive behavior, and drug use at work”, Journal of Applied Psychology, Vol. 60 No. 1, pp. 114-6.
29. Messmer, E. (2007), “Energy firms face upgrades”, Network World, Vol. 24 No. 49, p. 12.
30. Mirsky, S. (2008), “The problem with paperless”, Information Outlook, Vol. 12 No. 8, pp. 33-5.
31. Morrow, B. (2008), “1st step in defending against thieves: don't hire them”, Credit Union Journal, Vol. 12 No. 38, p. 8.
32. Neray, P. (2008), “5 steps for stopping the insider threat”, Wall Street and Technology, Vol. 26 No. 9, p. 32.
33. Neuman, J. and Baron, R. (1998), “Workplace violence and workplace aggression: evidence concerning specific forms, potential causes, and preferred targets”, Journal of Management, Vol. 24 No. 3, pp. 391-419.
34. O'Brian, K. and Allen, T. (2008), “The relative correlates of organizational citizenship behavior and counterproductive work behavior using multiple scores of data”, Business and Psychology, Vol. 21 No. 1, pp. 62-88.
35. Ohlhorst, F. (2007), “Means to an endpoint”, eWeek, Vol. 24 No. 39, pp. 1-4.
36. Parks, L. and Mount, M. (2005), “The ‘dark side’ of self-monitoring: engaging in counterproductive work behaviors”, Proceedings of the 2005 Academy of Management Conference, Honolulu, HI, pp. 1-16.
37. Prince, B. (2008), “Security tightens for SMBs”, eWeek, Vol. 25 No. 14, p. 21.
38. Qingxiong, M., Johnston, A. and Pearson, M. (2008), “Information security management objectives and practices: a parsimonious framework”, Information Management & Computer Security, Vol. 16 No. 3, pp. 251-70.
39. Robinson, S. and Bennett, B. (1997), “Workplace deviance: its definition, manifestations, and causes”, In Research on Negotiation on in Organizations., Vol. 6, pp. 3-27.
40. Roemer, K. (2008), “Treating employees as a threat”, Network Security, Vol. 11 No. 5, pp. 9-11.
41. Sarrel, M. (2008), “Security that's all business”, PC Magazine, Vol. 27 No. 4, p. 62.
42. Skarlicki, D., Barclay, L. and Pugh, D. (2008), “When explanation for layoffs are not enough: employer's integrity as a moderator of the relationship between informational justice and retaliation”, Journal of Occupational & Organizational Psychology, Vol. 81 No. 1, pp. 123-46.
43. Spector, P. (1975), “Relationships of organizational frustration with reported behavioral reactions employees”, Journal of Applied Psychology, Vol. 60 No. 5, pp. 635-7.
44. Subhas, M., Kumar, V. and Kumar, U. (2007), “A strategic modeling technique for information risk assessment”, Information Management & Computer Security, Vol. 15 No. 1, pp. 64-77.
45. Tjosvold, D. (2008), “The conflict-positive organization”, Journal of Organizational Behavior, Vol. 29 No. 1, pp. 19-28.
46. Washburn, F. (2008), “Will internet sabotage hit home”, PC Magazine, Vol. 27 No. 7, pp. 17-18.
47. Whitman, M. (2003), “Enemy at the gate: threats to information security”, Communications of the ACM, Vol. 46 No. 8, pp. 91-5.
48. Whitney, B. and Condon, T. (2008), “Five ways insiders exploit your network”, Network World, Vol. 25 No. 19, p. 25.
49. Jacob, B., Lefgren, L. and Moretti, E. (2007), “The dynamics of human behavior”, Journal of Human Resources, Vol. 42 No. 3, pp. 389-427.
50. Kramer, L., Heuer, R. and Crawford, K. (2005), Technological, Social and Economic Trends that Are Increasing US Vulnerability, Defense Personnel Security Research Center, Monterey, CA.
51. Moore, A. and Cappelli, D. (2005), “Analyzing organizational cyber threats”, Proceedings of the Workshop on System Dynamics of Physical and Social Systems for National Security, Chantilly, VA.
52. Schnabel, N. and Nadler, A. (2008), “A needs-based model of reconciliation: satisfying the differential needs of victim and perpetrator”, Journal of Personality and Social Psychology, Vol. 94 No. 1, pp. 116-32.
53. Siponen, M. (2000), “A conceptual foundation for organizational information security awareness”, Information Management & Computer Security, Vol. 8 No. 1, pp. 31-41.