Motivation and opportunity based model to reduce information security insider threats in organisations

Safa, Nader Sohrabi; Maple, Carsten; Watson, Tim; Solms, Rossouw von

doi:10.1016/j.jisa.2017.11.001

Cited by 78 publications

(63 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Theory of planned behavior The theory says that the attitude toward the behavior and subjective norms form an individual's behavioral intentions and actions 3,30,31 Neutralization theory Neutralization theory is a psychological method for people to turn off "inner resistance" when they perform or are about to perform something that they perceive as ethically wrong 3 Learning theory Learning theory explains how information is understood, treated, and retained by participants during the learning process 3 Protection motivation theory The protection motivation theory argues that people guard themselves based on four factors: (a) the perceived severity of an event and the occurrence; (b) vulnerability of the person; (c) the person's ability for the preventive behavior; and (d) believe in his ability to protect 3,30 General deterence theory General Deterrence is a plan designed to deter an opponent from taking actions which are not yet initiated or in another case to prevent people from performing actions that opponent wants them to do 30 Social learning theory Social Learning Theory asserts that people acquire knowledge from one another, via perception, memory, and modeling 30 Social bonding theory Social bond theory is used to explain social issues. Factors of social bonding comprise an attachment to families, devotion to social norms and institutions, engagement in activities, and the faith that these things are essential [30][31][32] General strains theory Innovation happens when community stresses culturally acceptable goals but at the same time provides insufficient opportunity to accomplish these goals with the legal institutionalized means. People finding themselves in financial strain may find a solution of crime in order to achieve goals 30 Organizational injustice If the leaders of the institution are authoritarian, their effort to solve the problems may be ineffective due to many reasons and may increase organizational stress and efficiency of the employees.…”

Section: Theory Explanation Referencesmentioning

confidence: 99%

Contemplating social engineering studies and attack scenarios: A review study

Yasin

Fatima

Liu

et al. 2019

Security and Privacy

View full text Add to dashboard Cite

The previous year has seen an enormous increase in the studies related to social engineering. This increase is partly due to increasing number of social engineering attacks and partly due to people's inability to identify the attack. Thus, it is of great importance to find solutions which are helpful for human to understand the social engineering attacks and scenarios. To address this, we have performed a literature review of studies (on social engineering) in top-notch journals and conferences. In this paper, we have enlisted the types of attacks, and the persuasion techniques used by social engineers as listed in the literature. We also combined different theories which researchers tried to use to explain various activities of social engineers. Furthermore, we have mentioned that a better understanding of the social engineering attack scenarios can be done using thematic and game-based analysis techniques.Preliminary empirical evaluation of the proposed game based method shows overall neutral results. Future extension and evaluation is needed for the proposed methods. K E Y W O R D Scybercrime, cyber-security, human factors, human-centered, information security, review, social engineering

show abstract

Section: Theory Explanation Referencesmentioning

confidence: 99%

Contemplating social engineering studies and attack scenarios: A review study

Yasin

Fatima

Liu

et al. 2019

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Neste grupo, é possível citar vandalismo virtual, disseminação de vírus ou softwares maliciosos, ataques de negação de serviço, falsificação de endereços na Internet e envio de spam ou mensagens eletrônicas indesejadas (Burden & Palmer, 2003). Os meios utilizados para o crime, os danos provocados, a natureza das ações e suas motivações são fatores adicionais para classificação do crime cibernético (Safa, Maple, Watson & Von Solms, 2018).…”

Section: Revisão Da Literatura O Crime Cibernéticounclassified

“…Roratto e Dias (2014) definem vulnerabilidade como uma fraqueza dos sistemas de informação e do ambiente no qual estes estão inseridos, e esta fraqueza pode se tornar um risco de segurança. Neste sentido, a falta de consciência sobre ameaças eminentes denota um comportamento desalinhado com preceitos da segurança cibernética (Safa, Maple, Watson & Von Solms, 2018). A gestão da segurança cibernética, portanto, deve focar neste comportamento, considerando causas e consequências, pois o sucesso ou insucesso da organização depende daquilo que seus membros fazem ou deixam de fazer.…”

Section: Revisão Da Literatura O Crime Cibernéticounclassified

“…Os insiders têm vantagens que vão além da capacidade de acesso à infraestrutura de TI. Eles estão cientes sobre as vulnerabilidades e as informações sensíveis: quais são, onde estão, quanto valem, como e quando acessá-las (Safa, Maple, Watson & Von Solms, 2018). Possuem tempo para atingir seus objetivos; e, não raro, conseguem ocultar rastros.…”

Section: Revisão Da Literatura O Crime Cibernéticounclassified

“…O insider é alguém que recebeu privilégios que autorizam o acesso e a utilização de sistemas ou instalações na respectiva organização, e que pode ser qualquer pessoa com privilégios e conhecimento sobre os sistemas de informação (Safa, Maple, Watson & Von Solms, 2018). É possível encontrar estudos sobre o comportamento do insider antes e durante a perpetração de um crime cibernético.…”

Section: Introductionunclassified

See 2 more Smart Citations

The influence of organizational injustice in the motivation for the practice of cybercrimes

2018

View full text Add to dashboard Cite

RESUMOEsta pesquisa analisou como a percepção de injustiça organizacional motiva a prática de crimes cibernéticos no local de trabalho. Em uma investigação qualitativa e exploratória, foram realizadas entrevistas com 16 especialistas em segurança cibernética. Os dados foram analisados através da técnica de análise de conteúdo categorial. Os resultados sugerem que a percepção de injustiça produz sentimentos negativos como a baixa-estima, a frustração e a ausência de culpa, e que essas emoções motivam a prática de crimes cibernéticos. Diferentes percepções identificadas entre os entrevistados deste estudo, associadas à revisão da literatura referente ao tema, permitiram a proposição de um modelo conceitual. ABSTRACTThis research analyzes how the perception of organizational injustice motivates the practice of cybercrimes in the workplace. In a qualitative and exploratory investigation, interviews have been carried out for 16 specialists in cybernetic security. Data were analyzed through the categorical content analysis technique. The results obtained suggest that the perception of injustice produces negative feelings, such as low self-esteem, frustration, and lack of guilt, and these emotions, in turn, motivate the practice of cybercrimes. Different perceptions have been identified among the interviewees of this study, which are associated with the literature review related to the theme, allowed the proposition of a conceptual model.

show abstract

A novel approach for securing data against intrusion attacks in unmanned aerial vehicles integrated heterogeneous network using functional encryption technique

Sharma¹,

Gupta

Rashid

et al. 2020

Trans Emerging Tel Tech

View full text Add to dashboard Cite

As the number of user equipment (UE) in any heterogeneous network (HetNet) assisted by unmanned aerial vehicles (UAV) continues to grow, so does the number of intruder nodes. The intruder/malicious nodes are able to interfere with the ongoing data transmission in the network and carry out different kinds of active and passive attacks such as spoofing, masquerading, impersonating, and so on in the network thus requiring an optimized security technique for the network. This article implements the novel functional encryption (FE) technique in the proposed UAV assisted HetNet model for the dense urban area to secure data against such intrusions. In this network model, UAV acts as a relay node for those UE which are in nonline‐of‐sight communication with macro based station (MBS). For securing the data transmission among UAV, UE, and MBS, FE technique is implemented in the network in two phases: the first phase between UE and MBS and the second phase between MBS and UE through UAV. During implementation, the Dolev‐Yao attack model is considered in which intruders are able to intercept or modify the UE data. The main objective of the FE technique implementation is to provide security from such intrusion attacks. The proposed methodology is validated using automated validation of Internet security protocols and applications (AVISPA) tool. The results of the AVISPA tool clearly indicate that the proposed technique is safe to implement in the UAV assisted HetNet, even in the presence of intruder nodes.

show abstract

Motivation and opportunity based model to reduce information security insider threats in organisations

Cited by 78 publications

References 39 publications

Contemplating social engineering studies and attack scenarios: A review study

Contemplating social engineering studies and attack scenarios: A review study

The influence of organizational injustice in the motivation for the practice of cybercrimes

A novel approach for securing data against intrusion attacks in unmanned aerial vehicles integrated heterogeneous network using functional encryption technique

Contact Info

Product

Resources

About