Insider threat and information security management

Advances in Information Security

Volumn 49, Issue , 2010, Pages 45-71

  Coles Kemp, Lizzie ^a   Theoharidou, Marianthi ^b  

^a UNIVERSITY OF LONDON   (United Kingdom)

^b ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84882800467     PISSN: 15682633     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-1-4419-7133-3_3     Document Type: Article

References (37)

1. Ajzen, I., Fishbein, M.: Understanding attitudes and predicting social behaviour. Englewood Cliffs, Prentice-Hall, NJ (1980).
2. Akers, R.L.: Deviant behavior: a social learning perspective. Belmont, CA (1977)
3. Anderson, R.H., Bozek, T., Longstaff, T., Meitzler, W., Skroch, M., VanWyk, K.: Research on Mitigating the Insider Threat to Information Systems-no.2, RAND Conference Proceedings (2000)
4. Ashenden, D.: Information Security management: A human challenge? Information Security Technical Report. 13 (4), 195-201 (2008)
5. Balfe, S., Reidt, S.: Key Deactivation Strategies in MANETs: A Survey (2008) Available online. http://www.sreidt.com/wp-content/uploads/2009/01/reidt2008\ textunderscorerevocation.pdfCited20July2009
6. Beer, S.: The Heart of Enterprise. John Wiley & Sons (1995)
7. Bishop, M., Gollmann, D., Hunker, J., Probst, C.W.: Countering Insider Threats, Dagstuhl Seminar 08302 (2008)
8. Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T.J.: Common Sense Guide to Prevention and Detection of Insider Threats, Ver. 3.1. Carnegie Mellon University (2009)
9. Centre for the Protection of National Infrastructure: Ongoing personnel security-A good practise guide. United Kingdom (2008)
10. Centre for the Protection of National Infrastructure: Pre-Employment Screening-A good practise guide, 3rd Edition. United Kingdom (2009)
11. Centre for the Protection of National Infrastructure: Risk Assessment for Personnel Security-A guide, 3rd Edition, United Kingdom (2009)
12. Clarke, R.: Situational crime prevention: theory and practice. British Journal of Criminology. 20, 136-137 (1980)
13. Clarke, R.: Situational crime prevention: successful case studies. Harrow and Heston, NY (1997)
14. Coles-Kemp, L.: Anatomy of an Information Security Management System. Ph.D. thesis, King's College, University of London (2008)
15. Coles-Kemp, L.: The Effect of Organisational Structure and Culture on Information Security Risk Processes. Risk Research Symposium 2009 (2009). Available online. http://www.kcl.ac.uk/schools/sspp/geography/research/hrg/papersCited20July2009
16. Crinson, I.: Assessing the 'insider-outsider threat' duality in the context of the development of public-private partnerships delivering 'choice' in healthcare services: A sociomaterial critique. Information Security Technical Report, 13 (4), 202-206 (2008)
17. Dhillon, G.: Managing Information System Security. Macmillan Press, London (1997)
18. Dhillon, G., Silva, L., Backhouse, J. (2004) Computer Crime at CEFORMA: A Case Study. International Journal of Information Management, 24, 551-561 (2004)
19. Drenth, P.: Culture Consequences in organizations. In.: Drenth, P.J.D., Koopman, P.L., Wilpert, B. (eds), Organizational Decision-Making under Different Economic and Political Conditions, 199-206 (1996)
20. Hirschi, T.: Causes of delinquency. Berkeley, University of California Press, CA (1969)
21. Humphreys, E.:Information security management standards: Compliance, governance and risk management. Information Security Tech. Report, 13 (4), 247-255 (2008)
22. ISO/IEC 27001:2005, Information technology-Security techniques-Information security management systems-Requirements (2005)
23. ISO/IEC 27002:2005, Information technology-Security techniques-Code of practice for information security management (2005)
24. Martins, A., Elof, J.: Information Security Culture. In: Proc. of IFIP TC11 17th International Conference on Information Security (SEC2002), Cairo, Egypt. IFIP Conference Proceedings 214, 203-213 (2002)
25. Overill, R.E.: ISMS Insider Intrusion Prevention and Detection. Information Security Technical Report, 13 (4), 216-219 (2008)
26. Schlienger, T., Teufel, S.:Information Security Culture: The Socio-Cultural Dimension in Information Security Management. In: Proc. of IFIP TC11 17th International Conference on Information Security (SEC2002), Cairo, Egypt. IFIP Conference Proceedings 214, pp. 191-202 (2002)
27. Schwaniger, M.: Managing Complexity-The Path Toward Intelligent Organisations. Systemic Practice and Action Research, 13 (1999)
28. Straub, D.W., Welke, R.J.: Coping with systems risk: security planning models for management decision making. MIS Quarterly, 22 (4) 441-465 (1998)
29. Sutherland, E.: Criminology. J.B. Lippincott, Philadelphia (1924)
30. Theoharidou, M., Kokolakis, S., Karyda, M., Kiountouzis, E.: The insider threat to Information Systems and the effectiveness of ISO 17799. Computers & Security, 24 (6), 472-484 (2005)
31. Theoharidou, M., Gritzalis, D.: Situational Crime Prevention and Insider Threat: Countermeasures and Ethical Considerations. In: Tavani, H. et al. (Eds.): Proc. of the 8th International Computer Ethics Conference (CEPE-2009), Greece (2009)
32. von Solms, B.: Information Security-The Third Wave? Computers & Security, 19 (7) 615-620 (2000)
33. Walker, T.: Practical management of malicious insider threat-An enterprise CSIRT perspective. Information Security Technical Report, 13 (4), 225-234 (2008)
34. Willison, R.: Understanding and addressing criminal opportunity: the application of situational crime prevention to IS security. Working Paper Series 100. Dept. of Information Systems, London School of Economics and Political Science (2001)
35. Willison, R.: Understanding the offender/environment dynamic for computer crimes: Assessing the feasibility of applying criminological theory to the IS security context. In: Proc. of the 37th Hawaii International Conference on System Sciences (2004)
36. Willison, R.: Understanding the perpetration of employee computer crime in the organizational context. Working paper no. 4, Copenhagen Business School (2006)
37. Willison, R.: Understanding the perpetration of employee computer crime in the organizational context. Information & Organization, 16 (4), 304-324 (2006)