Insider Threat and Information Security Management

Part of the book series: Advances in Information Security ((ADIS,volume 49))

Abstract

The notion of insider has multiple facets, and an organisation needs to identify which of them it must respond to. The selection, implementation and maintenance of information security countermeasures require a complex combination of organisational policies, functions and processes, which together form information security management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are determined not only by the enforcement of policies and awareness programmes, but also by various psychological and organisational factors at the individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the design of information security management. The chapter examines the applicability of several crime theories and concludes that they can contribute additional controls and a redesign of information security management processes better suited to responding to the insider threat.

Author information

Corresponding author: Lizzie Coles-Kemp.

Copyright information

© 2010 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Coles-Kemp, L., Theoharidou, M. (2010). Insider Threat and Information Security Management. In: Probst, C., Hunker, J., Gollmann, D., Bishop, M. (eds) Insider Threats in Cyber Security. Advances in Information Security, vol 49. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-7133-3_3

  • DOI: https://doi.org/10.1007/978-1-4419-7133-3_3

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4419-7132-6

  • Online ISBN: 978-1-4419-7133-3

  • eBook Packages: Computer Science (R0)