Publication
Insider threats: the major challenge to security risk management
| Abstract: | Security risk management is, by definition, a subjective and complex exercise, and it takes time to perform properly. Human resources are fundamental assets for any organization and, like any other asset, they have inherent vulnerabilities that need to be handled, i.e. managed and assessed. However, the nature that characterizes human behavior and the organizational environment where they carry out their work make these tasks extremely difficult, hard to accomplish and prone to errors. Assuming security as a cost, organizations are usually focused on the efficiency of the security mechanisms implemented that enable them to protect against external attacks, disregarding the insider risks, which are much more difficult to assess. All this demands an interdisciplinary approach in order to combine technical solutions with psychology approaches in order to understand the organizational staff and detect any changes in their behaviors and characteristics. This paper intends to discuss some methodological challenges to evaluate the insider threats and their impacts, and integrate them in a security risk framework, that was defined according to the security standard ISO/IEC_JTC1, to support the security risk management process. |
|---|---|
| Main authors: | Pereira, Teresa |
| Other authors: | Santos, Henrique |
| Subject: | Information security risk; Security risk management; Insider risk; Insider threats and insider behavior; Insider threats and insider behaviour; Engineering and Technology::Other Engineering and Technologies |
| Year: | 2015 |
| Country: | Portugal |
| Document type: | conference paper |
| Access type: | restricted access |
| Associated institution: | Universidade do Minho |
| Language: | English |
| Source: | RepositóriUM - Universidade do Minho |
| dc.format.none.fl_str_mv | application/pdf |
| dc.identifier.none.fl_str_mv | https://hdl.handle.net/1822/39195 |
| dc.language.none.fl_str_mv | eng |
| dc.publisher.none.fl_str_mv | Springer, Cham |
| fulltext.url.fl_str_mv | https://repositorium.uminho.pt/bitstreams/48650e7b-5d99-4c16-aed9-3560f921178d/download |
| oai_identifier_str | oai:repositorium.uminho.pt:1822/39195 |
| Citation | Pereira, T., Santos, H. (2015). Insider Threats: The Major Challenge to Security Risk Management. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2015. Lecture Notes in Computer Science, vol 9190. Springer, Cham. https://doi.org/10.1007/978-3-319-20376-8_58 |
| DOI (is part of) | 10.1007/978-3-319-20376-8_58 |
| ISBN (is part of) | 978-3-319-20375-1 |
| EISBN (is part of) | 978-3-319-20376-8 |
| ISSN (is part of) | 0302-9743 |
| File size | 10099575 bytes |
| Repository contact | repositorium@usdb.uminho.pt |