Skip to main content
Kent Academic Repository

Securing the Extended Enterprise: A Method for Analyzing External Insider Threat

Franqueira, Virginia N. L. and van Cleeff, Andre' and van Eck, Pascal and Wieringa, Roel (2012) Securing the Extended Enterprise: A Method for Analyzing External Insider Threat. In: Strategic and Practical Approaches for Information Security Governance. IGI Global, pp. 195-222. (doi:10.4018/978-1-4666-0197-0.ch012) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:77193)

PDF (Figures added as separate files.) Author's Accepted Manuscript
Language: English

Restricted to Repository staff only
[thumbnail of Figures added as separate files.]
Official URL:


In extended enterprises, the traditional dichotomy between insiders and outsiders becomes blurred: consultants, freelance administrators, and employees of business partners are both inside and outside of the enterprise. As a consequence, traditional controls to mitigate insider and outsider threat do not completely apply to this group of individuals, and additional or improved solutions are required. The ISO 27002 security standard, recognizing this need, proposes third-party agreements to cover security requirements in B2B relationships as a solution, but leaves open how to realize them to counter security problems of inter-organizational collaboration. To reduce this gap, this chapter presents a method for identifying external insiders and analyzing them from two perspectives: as threats and as possible mitigation. The output of the method provides input for further engineering of third-party agreements related to non-measurable IT security agreements; the authors illustrate the method using a manufacturer-retailer example. This chapter also provides an overview of the external insider threat, consisting of a review of extended enterprises and of challenges involved with external insiders.

Item Type: Book section
DOI/Identification number: 10.4018/978-1-4666-0197-0.ch012
Additional information: I have added the camera version. The figures referenced in the camera version have been provided as separate files. I don't have the published version.
Uncontrolled keywords: Insider Threat, Extended Enterprise, External Insiders, Modeling, B2B relationships.
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Virginia Franqueira
Date Deposited: 14 Oct 2019 14:56 UTC
Last Modified: 16 Nov 2021 10:26 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

Franqueira, Virginia N. L..

Creator's ORCID:
CReDIT Contributor Roles:
  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.