Skip to main content

Engineering Security Agreements Against External Insider Threat

Franqueira, Virginia N. L., van Cleeff, Andre', van Eck, Pascal, Wieringa, Roel J. (2013) Engineering Security Agreements Against External Insider Threat. Information Resources Management Journal, 26 (4). pp. 66-91. (doi:10.4018/irmj.2013100104) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:77191)

PDF (Preview of article (first 2 pages).) Other
Language: English

Restricted to Repository staff only
[thumbnail of Preview of article (first 2 pages).]
PDF Publisher pdf
Language: English

Restricted to Repository staff only
[thumbnail of Engineering-Security-Agreements-Against-External-Insider-Threat.pdf]
Official URL:
https://doi.org/10.4018/irmj.2013100104

Abstract

Companies are increasingly engaging in complex inter-organisational networks of business and trading partners, service and managed security providers to run their operations. Therefore, it is now common to outsource critical business processes and to completely move IT resources to the custody of third parties. Such extended enterprises create individuals who are neither completely insiders nor outsiders of a company, requiring new solutions to mitigate the security threat they cause. This paper improves the method introduced in Franqueira et al. (2012) for the analysis of such threat to support negotiation of security agreements in B2B contracts. The method, illustrated via a manufacturer-retailer example, has three main ingredients: modelling to scope the analysis and to identify external insider roles, access matrix to obtain need-to-know requirements, and reverse-engineering of security best practices to analyse both pose-threat and enforce-security perspectives of external insider roles. The paper also proposes future research directions to overcome challenges identified.

Item Type: Article
DOI/Identification number: 10.4018/irmj.2013100104
Additional information: I added the article preview (I guess this is public), and the published version (subject to copyright).
Uncontrolled keywords: Business Network, Conceptual Modelling, Extended Enterprise, Inter-Organisational Network, Security Analysis, Security Management, Service Level Agreement.
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Virginia Franqueira
Date Deposited: 14 Oct 2019 14:17 UTC
Last Modified: 04 Jul 2023 11:26 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/77191 (The current URI for this page, for reference purposes)

University of Kent Author Information

Franqueira, Virginia N. L..

Creator's ORCID: https://orcid.org/0000-0003-1332-9115
CReDIT Contributor Roles:
  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.