Advance
Preprints are early versions of research articles that have not been peer reviewed. They should not be regarded as conclusive and should not be reported in news media as established information.

Understanding the Perspectives of Information Security Managers on Insider Threat

preprint
posted on 2020-07-07, 17:50 authored by Fongu Akipus Ngufor, David Cross

Insider threat is one of the main issues faced by organizations as information systems become inherent to the success and competitiveness of businesses in contemporary environments. However, there is insufficient understanding of the phenomenon of insider threat by information security managers responsible for ensuring the availability, confidentiality, and integrity of data and information systems. Therefore, it is crucial to address issues related to insider threat. The focus of this phenomenological qualitative research was on the lived experiences of information security managers: their perceptions and understanding of insider threat, and how they employ mechanisms to reduce cyber-crimes perpetrated in U.S. East Coast organizations. The research questions examined how information technology (IT) managers experienced and understood insider threats and how their experiences and understanding shaped their behavior to curb insider threat. Social control theory was used to explain why individuals with legitimate access could decide to exploit vulnerabilities in the critical assets of businesses. Twelve participants, all IT security managers, selected through purposive sampling for semi-structured one-to-one interviews, took part in the study. Findings from the study indicated that malicious insider threats pose a growing risk to organizations and that inadvertent insider threats were more common but less damaging than malicious insider threats. Further, insider threats were associated with disgruntled employees who committed sabotage or theft to meet financial needs and for revenge. Experience and understanding of insider threats influenced IT managers to advocate for the implementation of training to raise awareness of security policies to deter insider threats. Based on the findings, IT security managers should use technical and administrative approaches to prevent, detect, and monitor systems to control insider threats.

Declaration of conflicts of interest

None

Corresponding author email

crossaf6@erau.edu

Lead author country

  • United States

Lead author job role

  • Practitioner/Professional

Human Participants

  • Yes

Ethics statement

The study proposal went through an approval process from Northcentral University’s Institutional Review Board (IRB) before data collection. The study was approved as "Exempt." All participants signed an Informed Consent form before being interviewed. No participant dropped out of the interview.
