Workarounds as Means to Identify Insider Threats to Information Systems Security
نویسنده
چکیده
Workarounds represent deliberate actions of employees in contrast with the prescribed practices and organizations generally perceive them as unwanted processes. Workarounds may lead to information systems (IS) security policy violations, notably when prescribed practices lead employees to face obstacles in accomplishing their daily tasks. Such behavior generates new insider threats to IS security. In this article, we adopt the view that workarounds may enable the identification of new security threats. We propose a conceptual model that illustrates how workarounds generating non-malicious security violations might constitute sources of knowledge about new security threats.
منابع مشابه
An Authorization Framework for Database Systems
Today, data plays an essential role in all levels of human life, from personal cell phones to medical, educational, military and government agencies. In such circumstances, the rate of cyber-attacks is also increasing. According to official reports, data breaches exposed 4.1 billion records in the first half of 2019. An information system consists of several components, which one of the most im...
متن کاملUsers as the Biggest Threats to Security of Health Information Systems
There are a lot of researches in the world about attacks on information systems (IS). Although there have been many attempts to classify threats of IS’s especially in Health Information Systems (HIS), it is still necessary for all health organization to identify new threats and their sources which threaten security of health care domain. The main aim of this paper is to present a research agend...
متن کاملDetecting and Countering Insider Threats: Can Policy-Based Access Control Help?
As insider threats pose very significant security risks to IT systems, we ask what policy-based approaches to access control can do for the detection, mitigation or countering of insider threats and insider attacks. Answering this question is difficult since little public data about insider-threat cases is available, since there is not much consensus about what the insider problem actually is, ...
متن کاملRisk of Insider Threats in Information Systems Outsourcing:
The risks involved in Information Technology Outsourcing has since long been known to affect business decisions of whether to outsource or not. This has lead to numerous research on topics such as: Understanding and Managing Outsourcing Risks, Methodologies to measure Outsourcing Risks, Risk Factors in Information Technology Outsourcing, Assessing the Risk of IT Outsourcing to name a few. But v...
متن کاملAddressing Insider Threats and Information Leakage
Insider threats are one of the problems of organizational security that are most difficult to handle. It is often unclear whether or not an actor is an insider, or what we actually mean by “insider”. It also is often impossible to determine whether an insider action is permissible, or whether it constitutes an insider attack. From a technical standpoint, the biggest concern is the discriminatio...
متن کامل