Redefining insider threats: a distinction between insider hazards and insider threats
- PDF / 727,670 Bytes
- 21 Pages / 439.37 x 666.142 pts Page_size
- 13 Downloads / 175 Views
Redefining insider threats: a distinction between insider hazards and insider threats Mathias Reveraert1 · Tom Sauer2
© Springer Nature Limited 2020
Abstract This article suggests a new definition of insiders and insider threats. It refrains from applying a harm-oriented perspective that concentrates on the insider’s intention to cause harm because it defines the insider threat either too narrow or too broad. Instead, a privilege-oriented perspective is applied that focuses on the insider’s intention to misuse his privileged access to or knowledge about the organizational assets. Because existing privilege-oriented definitions refrain from making an explicit and clear-cut division between intentional and unintentional misuse of privilege, a new conceptualization is suggested that distinguishes insider hazards from insider threats. If the insider unintentionally misuses his insider privilege, it concerns an insider hazard. If the insider intentionally misuses his insider privilege, it is regarded as an insider threat. Keywords Insider threat · Insider hazard · Organizational culture · Organizational behavior · Security policy · Trust
Introduction This article redefines insiders and insider threats. Existing insider threat definitions originate from two different perspectives, namely a harm-oriented perspective and a privilege-oriented perspective (Information Security Forum 2015; Krull 2016; Maasberg et al. 2015; Willison and Warkentin 2013). Although harm-oriented definitions also refer to the insider privilege, the difference between both perspectives * Mathias Reveraert [email protected] Tom Sauer [email protected] 1
Universiteit Antwerpen Faculteit Politieke en Sociale Wetenschappen, Stadscampus, Sint ‑ Jacobstraat 2, S.M.271, 2000 Antwerp, Belgium
2
Universiteit Antwerpen Faculteit Politieke en Sociale Wetenschappen, Stadscampus, Sint ‑ Jacobstraat 2, S.M.273, 2000 Antwerp, Belgium
Vol.:(0123456789)
M. Reveraert, T. Sauer
lies in the insider’s intentionality. On the one hand, the harm-oriented definitions emphasize the insider’s intention to harm the organization. On the other hand, privilege-oriented definitions put emphasis on the insider’s intention to misuse his1 insider privilege. In this article, preference is given to the privilege-oriented perspective. Although other scholars have already put emphasis on the misuse of privilege in their conceptualization (Gelles 2016; Greitzer et al. 2012; Padayachee 2016), they refrain from making an explicit and clear-cut division between intentional and unintentional misuses of privilege. As a result, this paper proposes a new conceptualization of insider threats. A distinction between insider hazards and insider threats is suggested, based on the question whether the insider wittingly misuses the access/ knowledge, or whether the insider can be held accountable for the misuse of privilege. If the insider unwittingly misuses the privilege (i.e., no accountability), the incident is considered to be an insider hazard. In contrast, i
Data Loading...
