A unified classification model to insider threats to information security

Prabhu, Sunitha and Thompson, Nik (2020) A unified classification model to insider threats to information security. ACIS2020 - 31st Australasian Conference on Information Security, Wellington (Online), 1-4 December, 2020. (In Press)

PDF (Article) - Submitted Version

Official URL: https://www.acis2020.org/about

Abstract or Summary

Prior work on insider threat classification has adopted a range of definitions, constructs, and terminology, making it challenging to compare studies. We address this issue by introducing a unified insider threat classification model built through a comprehensive and systematic review of prior work. An insider threat can be challenging to predict, as insiders may utilise motivation, creativity, and ingenuity. Understanding the different types of threats to information security (and cybersecurity) is crucial as it helps organisations develop the right preventive strategies. This paper presents a thematic analysis of the literature on the types of insider threats to cybersecurity to provide cohesive definitions and consistent terminology of insider threats. We demonstrate that the insider threat exists on a continuum of accidental, negligent, mischievous, and malicious behaviour. The proposed insider threat classification can help organisations to identify, implement, and contribute towards improving their cybersecurity strategies.

Item Type:Item presented at a conference, workshop or other event, and published in the proceedings
Keywords that describe the item:Cybersecurity, Information security, Human Factors, Insider threats
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions:Schools > Centre for Business, Information Technology and Enterprise > School of Information Technology
ID Code:7678
Deposited By:
Deposited On:25 Jan 2021 20:36
Last Modified:25 Jan 2021 20:36

Repository Staff Only: item control page