Understanding the factors of information leakage through online social networking to safeguard organizational information

ACIS 2010 Proceedings - 21st Australasian Conference on Information Systems

Volumn , Issue , 2010, Pages

  Molok, Nurul Nuha Abdul ^a   Ahmad, Atif ^a   Chang, Shanton ^a  

^a UNIVERSITY OF MELBOURNE   (Australia)

Author keywords

Information leakage; Information security; Online social networking; Unauthorised information disclosure

Indexed keywords

ACADEMIC LITERATURE; INFORMATION DISCLOSURE; INFORMATION LEAKAGE; INFORMATION SECURITY EDUCATION; INSIDER THREAT; ORGANIZATIONAL INFORMATION; THEORETICAL MODELS; THEORY OF PLANNED BEHAVIOUR; UNDERLYING FACTORS;

INFORMATION SYSTEMS; SECURITY OF DATA; SOCIAL NETWORKING (ONLINE); SOCIAL SCIENCES; SOCIETIES AND INSTITUTIONS;

PERSONNEL TRAINING;

EID: 84870387706     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (40)

1. Ahmad, A., Ruighaver, A.B., and Teo, W.T. 2005. "An Information-Centric Approach to Data Security in Organizations, " TENCON 2005 2005 IEEE Region 10, pp. 1-5.
2. Ajzen, I. 1991. "The Theory of Planned Behavior, " Organizational Behavior and Human Decision Process (50:2), December, pp 179-211.
3. Ashenden, D. 2008. "Information Security Management: A Human Challenge?, " Information Security Technical Report (13:4), pp 195-201.
4. Athanasopoulos, E., Makridakis, A., Antonatos, S., Ioannidis, S., Anagnostakis, K., and Markatos, E. 2008. "Antisocial Networks: Turning a Social Network into a Botnet, " 11th Information Security Conference (ISC 2008), Taipei, Taiwan.
5. BBC. 2010. "Israeli Military 'Unfriends' Soldier after Facebook Leak. " Retrieved 9 March 2010, from http://news.bbc.co.uk/2/hi/middle_east/8549099.stm
6. CISCO. 2008. "Data Leakage Worldwide: Common Risks and Mistakes Employees Make, " in: CISCO Systems White Paper. San Jose, CA: CISCO Systems Inc.
7. Colwill, C. 2010. "Human Factors in Information Security: The Insider Threat-Who Can You Trust These Days?, " Information Security Technical Report (in press).
8. Everett, C. 2010. "Social Media: Opportunity or Risk?, " in: Computer Fraud & Security. pp. 8-10.
9. Facebook. 2010. "Facebook Statistics. " Retrieved 14 Sept 2010, from http://www.facebook.com/press/info.php?statistics
10. Gaudin, S. 2009. "Execs Worry That Facebook, Twitter Use Could Lead to Data Leaks. " ComputerWorld Retrieved 2 June 2010, from http://www.computerworld.com/s/article/9136465/Execs_worry_that_Facebook_Twitter_use_could_lead_to_ data_leaks
11. Gross, R., and Acquisti, A. 2005. "Information Revelation and Privacy in Online Social Networks (the Facebook Case), " ACM Workshop on Privacy in the Electronic Society (WPES)2005, Virginia, USA: ACM.
12. Herath, T., and Rao, H. 2009. "Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations, " European Journal of Information Systems (18), pp 106-125.
13. Humphreys, E. 2008. "Information Security Management Standards: Compliance, Governance and Risk Management, " Information Security Technical Report (13:4), pp 247-255.
14. ISF. 2007. "Information Leakage. " Information Security Forum Briefing No.4 Retrieved 19 November 2009, from www.securityforum.org
15. ISO/IEC. 2005. "Information Technology-Security Techniques-Code of Practice for Information Security Management, " in: ISO/IEC 17799:2005(E). Geneva, Switzerland: ISO/IEC.
16. Jagatic, T., Johnson, N., Jakobsson, M., and Menczer, F. 2007. "Social Phishing, " Communications of the ACM (20:10), pp 94-100.
17. Jansen, J. 2010. "Strategic Information Disclosure and Competition for an Omperfictly Protected Innovation, " The Journal of Industrial Economics (58:2), pp 349-372.
18. Loch, K.D., Carr, H.H., and Warkentin, M.E. 1992. "Threats to Information Systems: Today's Reality, Yesterday's Understanding, " MIS Quarterly (16:2), pp 173-186.
19. Mayfield, A. 2008. "What Is Social Media?. " iCrossing e-book.
20. McKenna, B. 2009. "Awareness Training 2.0, " in: InfoSecurity. pp. 18-21.
21. Mitnick, K., Simon, W., and Wozniak, S. 2002. The Art of Deception: Controlling the Human Element of Security. New York: John Wiley & Sons.
22. Myyry, L., Siponen, M., Pahnila, S., Vartiaine, T., and Vance, A. 2009. "What Levels of Moral Reasoning and Values Explain Adherence to Information Security Rules? An Empirical Study, " European Journal of Information Systems (18), pp 126-139.
23. NIST. 2003. "Building an Information Technology Security Awareness and Training Program, " National Institute of Standards and Technology, Maryland, U.S.
24. Pahnila, S., Siponen, M., and Mahmood, A. 2007. "Employees' Behavior Towards Is Security Policy Compliance, " 40th International Conference on System Sciences, Hawaii: IEEE Computer Society.
25. Proofpoint. 2009. "Outbound Email and Data Loss Prevention in Today's Enterprise, " California.
26. Sachdev, V. 2007. "Why Do People Engage in Social Computing? A Need Fulfillment Perspective, " in: Information Systems & Operations Management. Texas, U.S.: The University of Texas at Arlington, p. 112.
27. Straub, D. 1990. "Effective Is Security, " Information Systems Research (1:3), pp 255-276.
28. Stutzman, F. 2006. "An Evaluation of Identity Sharing Behavior in Social Network Communities, " International Digital Media and Arts Association (3:1), pp 10-18.
29. Taylor, S., and Todd, P. 1995. "Understanding Information Technology Usage: A Test of Competing Models, " Information Systems Research (6:2), June, pp 144-176.
30. Theoharidou, M., Kokolakis, S., Karyda, M., and Kiountouzis, E. 2005. "The Insider Threat to Information Systems and the Effectiveness of Iso17799, " Computers & Society (24), pp 472-484.
31. Vandeveer, R.C., and Menefee, M.L. 2006. Human & Behavior in Organizations. Upper Sadle River, New Jersey: Pearson Education, Inc.
32. Vardi, Y., and Wiener, Y. 1996. "Misbehavior in Organizations: A Motivational Framework, " Organization Science (7:2), pp 151-165.
33. Vroom, C., and von Solms, R. 2004. "Towards Information Security Behavioural Compliance, " Computers & Security (23), pp 191-198.
34. Warkentin, M., and Willison, R. 2009. "Behavioral and Policy Issues in Information Systems Security: The Insider Threat, " European Journal of Information Systems (18), pp 101-105.
35. Westervelt, R. 2009. "Botnet Masters Turn to Google, Social Networks to Avoid Detection. " Retrieved 28 January 2010, from http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1373974,00.html
36. Whitman, M.E., and Mattord, H.J. 2008. Principles of Information Security. Stamford, Connecticut: Course Technology.
37. Workman, M., Bommer, W., and Straub, D. 2008. "Security Lapses and the Omission of Information Security Measures: A Threat Control Model and Empirical Test, " Computers in Human Behavior (24), pp 2799-2816.
38. Workman, M., and Gathegi, J. 2007. "Punishment and Ethics Deterrents: A Study of Insider Security Contravention, " Journal of the American Society for Information Science and Technology (58:2), pp 212-222.
39. Young, K. 2010. "Policies and Procedures to Manage Employee Internet Abuse, " Computers in Human Behavior (26), pp 1467-1471.
40. Zafar, H., and Clark, J.G. 2009. "Current State of the Information Security Research in Is, " Communications of the Association for Information Systems (24:34), pp 572-596.