Skip to main content

External Insider Threat: A Real Security Challenge in Enterprise Value Webs

Franqueira, Virginia N. L., van Cleeff, Andre, van Eck, Pascal, Wieringa, Roel (2010) External Insider Threat: A Real Security Challenge in Enterprise Value Webs. In: The Fifth International Conference on Availability, Reliability, and Security (ARES 2010). . pp. 446-453. IEEE ISBN 978-0-7695-3965-2. (doi:10.1109/ares.2010.40) (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided)

The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided. (Contact us about this Publication)
Official URL
https://doi.org/10.1109/ares.2010.40

Abstract

Increasingly, organizations collaborate with other organizations in value webs with various arrangements, such as outsourcing, partnering, joint ventures, or subcontracting. As the Jericho Forum (an industry consortium of the Open Group) observed, in all these forms of collaboration, the boundaries between organizations become permeable and, as a consequence, insiders and outsiders can no longer be neatly separated using the notion of a perimeter. Such organizational arrangements have security implications because individuals from the value web are neither outsiders nor completely insiders. To address this phenomenon this paper proposes a third set of individuals, called External Insiders. External insiders add challenges to the already known insider threat problem because, unlike outsiders, external insiders have granted access and are trusted; and, unlike traditional insiders, external insiders are not subjected to as many internal controls enforced by the organization for which they are external insiders. In fact, external insiders are part of two or more organizational control structures, and business-to-business contracts are often insufficiently detailed to establish security requirements at the level of granularity needed to counter the threat they pose.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1109/ares.2010.40
Uncontrolled keywords: Risk Management, B2B contract, Enterprise Network, Security Metrics, Extended Enterprise
Divisions: Faculties > Sciences > School of Computing
Faculties > Sciences > School of Computing > Security Group
Depositing User: Virginia Nunes Leal Franqueira
Date Deposited: 10 Oct 2019 13:15 UTC
Last Modified: 11 Oct 2019 11:32 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/77198 (The current URI for this page, for reference purposes)
Franqueira, Virginia N. L.: https://orcid.org/0000-0003-1332-9115
  • Depositors only (login required):