Skip to main content

Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat

Buckley, Oliver, Nurse, Jason R. C., Legg, Philip A., Goldsmith, Michael, Creese, Sadie (2014) Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat. In: 2014 Workshop on Socio-Technical Aspects in Security and Trust. . IEEE E-ISBN 978-1-4799-7901-1. (doi:10.1109/STAST.2014.10) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided)

PDF - Author's Accepted Manuscript
Restricted to Repository staff only
Contact us about this Publication Download (463kB)
[img]
Official URL
https://doi.org/10.1109/STAST.2014.10

Abstract

An enterprise's information security policy is an exceptionally important control as it provides the employees of an organisation with details of what is expected of them, and what they can expect from the organisation's security teams, as well as informing the culture within that organisation. The threat from accidental insiders is a reality across all enterprises and can be extremely damaging to the systems, data and reputation of an organisation. Recent industry reports and academic literature underline the fact that the risk of accidental insider compromise is potentially more pressing than that posed by a malicious insider. In this paper we focus on the ability of enterprises' information security policies to mitigate the accidental insider threat. Specifically we perform an analysis of real-world cases of accidental insider threat to define the key reasons, actions and impacts of these events -- captured as a grounded insider threat classification scheme. This scheme is then used to performa review of a set of organisational security policies to highlight their strengths and weaknesses when considering the prevention of incidents of accidental insider compromise. We present a set of questions that can be used to analyse an existing security policy to help control the risk of the accidental insider threat.

Item Type: Conference or workshop item (Paper)
DOI/Identification number: 10.1109/STAST.2014.10
Subjects: Q Science
T Technology
Divisions: Faculties > Sciences > School of Computing
Faculties > Sciences > School of Computing > Security Group
Depositing User: Jason Nurse
Date Deposited: 02 Jul 2018 16:45 UTC
Last Modified: 01 Aug 2019 10:43 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/67514 (The current URI for this page, for reference purposes)
Nurse, Jason R. C.: https://orcid.org/0000-0003-4118-1680
  • Depositors only (login required):

Downloads

Downloads per month over past year