The insider threat to information systems and the effectiveness of IS017799

Insider threat is widely recognised as an issue of utmost importance for IS security management. In this paper, we investigate the approach followed by IS017799, the dominant standard in IS security management, in addressing this type of threat. We unfold the criminology theory that has designated t...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 2005-09, Vol.24 (6), p.472-484
Main Authors: Theoharidou, Marianthi, Kokolakis, Spyros, Karyda, Maria, Kiountouzis, Evangelos
Format: Article
Language:English
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Insider threat is widely recognised as an issue of utmost importance for IS security management. In this paper, we investigate the approach followed by IS017799, the dominant standard in IS security management, in addressing this type of threat. We unfold the criminology theory that has designated the measures against insider misuse suggested by the standard, i.e. the General Deterrence Theory, and explore the possible enhancements to the standard that could result from the study of more recent criminology theories. The paper concludes with supporting the argument for a multiparadigm and multidisciplinary approach towards IS security management and insider threat mitigation.
ISSN:0167-4048
DOI:10.1016/j.cose.2005.05.002