A longitudinal analysis of data breaches

Garrison, Chlotia; Ncube, Matoteng M.

doi:10.1108/09685221111173049

Cited by 33 publications

(27 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We began this paper by observing that critical software problems in security [7,10], financial calamities [23], software-based infrastructure [24], and automotive recalls [18] are on the rise. Our findings provide a broader picture for interpreting these domain-specific trends:…”

Section: Discussionmentioning

confidence: 99%

“…Security breaches are now more prevalent and more costly than ever before [7,10]; spreadsheet errors are leading to an increasing number of financial calamities [23]; software infrastructure failures rose between 1994 and 2005 [24]; and cars are recalled more frequently than ever because of software defects [18].…”

Section: Introductionmentioning

confidence: 99%

“…The ubiquity of software has transformed society in innumerable ways, reshaping globalization [2], social relationships [29], work [21], social identity [11,1,7], and countless other aspects of society. With these changes, however, have also come a dramatic shift in how the society works: behind much of our modern infrastructure is now the automated digital logic of algorithms, often supplementing or even replacing the slow subjectivity of human decision making.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Thirty years of software problems in the news

Dosono

Duriseti

2014

Proceedings of the 7th International Workshop on Cooperative and Human Aspects of Software Engineering

View full text Add to dashboard Cite

How have the consequences of software problems changed over the past 30 years? To begin to answer this question, we analyzed 386,381 news articles reporting on software problems published between 1980 and 2012, spanning widely circulated newspapers to small trade magazines. Our results show that after an increase in reporting just prior to Y2K, news on software problems has declined in North America, but increased in the rest of the world. Most articles only report minor consequences such as frustration, confusion, anger, or at worst, having to delay some activity for a few hours, usually due to service outages in government, transportation, finance, and information services. However, about once per month, the news reports at least one death, injury, or threatened access to food or shelter due to software problems. Reports of these severe consequences are also increasing, due primarily to stories about transportation and government software.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Thirty years of software problems in the news

Dosono

Duriseti

2014

Proceedings of the 7th International Workshop on Cooperative and Human Aspects of Software Engineering

View full text Add to dashboard Cite

show abstract

“…Accordingly, we define "insider threat" as the action or inaction of an insider that can jeopardize the safety of data, whether at rest or in motion. We also use the term "insider threat" to refer to existing or former employees who misuse their computer-access privilege and/or authority (Garrison & Ncube, 2011).This threat can arise either intentionally or accidentally, usually as a result of ignorance, mistakes, or deliberate acts (Durgin, 2007;Lee & Lee, 2002;Lee, Lee, & Yoo , 2003, cited in Bulgurcu, Cavusoglu, & Benbasat, 2010. In addition, we use the terms "data breach", "attack", "cyber-attack", and "malicious act" interchangeably in this study.…”

Section: Highlightmentioning

confidence: 99%

Multiple Case Study Approach to Identify Aggravating Variables of Insider Threats in Information Systems

Nicho¹,

Kamoun²

2014

CAIS

View full text Add to dashboard Cite

Malicious insiders present a serious threat to information systems due to privilege of access, knowledge of internal computer resources, and potential threats on the part of disgruntled employees or insiders collaborating with external cybercriminals. Researchers have extensively studied insiders' motivation to attack from the broader perspective of the deterrence theory and have explored the rationale for employees to disregard/overlook security policies from the perspective of neutralization theory. This research takes a step further: we explore the aggravating variables of insider threat using a multiple case study approach. Empirical research using black hat analysis of three case studies of insider threats suggests that, while neutralization plays an important role in insider attacks, it takes a cumulative set of aggravating factors to trigger an actual data breach. By identifying and aggregating the variables, this study presents a predictive model that can guide IS managers to proactively mitigate insider threats. Given the economic and legal ramifications of insider threats, this research has implications relevant both for both academics and security practitioners.

show abstract

“…There have been high profile data breaches in the United Kingdom, which has resulted in guidance and recommendations to help organizations to implement and monitor policies on personal information standards (Young, 2010). Garrison and Ncube (2011) states that organizations could lose consumer confidence and market share as a result of data breaches, which could, therefore, be very costly to the organization. According to Fisher (2013), data breaches could result in fraudulent activities taking place.…”

Section: Introductionmentioning

confidence: 99%

An empirical investigation into the information management systems at a South African financial institution

Adonis

Ngcamu

2016

Banks and Bank Systems

View full text Add to dashboard Cite

The study has been triggered by the increase in information breaches in financial organizations worldwide. Such organizations may have policies and procedures, strategies and systems in place in order to mitigate the risk of information breaches, but data breaches are still on the rise. The objectives of this study are to explore the shortfalls of information security on a South African financial institution and further investigate whether business processes are responsive to organization’s needs. This study employed both quantitative and qualitative research methods. Questionnaires were sent to staff level employees, and semi-structured in-depth interviews were conducted with senior management at the organization. The study revealed that employees require training on information management and that there are major training deficiencies for training officers to conduct beneficial information management training at the organization. Information security program that include business risk analysis were not implemented, which results in inadequate information management planning and decisions. A standardized or uniform house rule policy was not consistently implemented across the organization, which resulted in certain areas not protecting information. The qualitative findings revealed that the external cleaning company could obtain access to customer information, if customer data are left lying around. Furthermore, there is major misalignment between policy setters and employees in this organization. The findings allow senior managers to construct projects and program with their teams to improve the state of information management in the organization which spans across the people aspect, technology systems and general information management processes. Furthermore, external companies should start signing Non-Disclosure Agreements - which is not being done currently as this opens the door for data fraud. The organization has information management and security policies in place, but the study concluded that employees do not understand these policies and should receive specialized training to ensure understanding and, ultimately, have employees following these information security policies. Keywords: data breach, information management, business processes, information legislation. JEL Classification: G2

show abstract

A longitudinal analysis of data breaches

Cited by 33 publications

References 3 publications

Thirty years of software problems in the news

Thirty years of software problems in the news

Multiple Case Study Approach to Identify Aggravating Variables of Insider Threats in Information Systems

An empirical investigation into the information management systems at a South African financial institution

Contact Info

Product

Resources

About