A study of insider threat behaviour: developing a holistic insider threat model

[1]  L. Cronbach Coefficient alpha and the internal structure of tests , 1951 .

[2]  M. Bartlett,et al.  A note on the multiplying factors for various chi square approximations , 1954 .

[3]  John W. Creswell,et al.  Research Design: Qualitative, Quantitative, and Mixed Methods Approaches , 2010 .

[4]  H. Kaiser An index of factorial simplicity , 1974 .

[5]  R. Green,et al.  The research process. , 1978, The Australasian nurses journal.

[6]  Donald R. Cooper,et al.  Business Research Methods , 1980 .

[7]  Gary D. Bouma,et al.  The Research Process , 1984 .

[8]  J Bloombecker,et al.  Introduction to computer crime , 1984 .

[9]  Joseph A. Cote,et al.  Estimating Trait, Method, and Error Variance: Generalizing across 70 Construct Validation Studies , 1987 .

[10]  B. Berg Qualitative Research Methods for the Social Sciences , 1989 .

[11]  Qualitative Research: Analysis Types & Tools , 1990 .

[12]  T. Bynum Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing , 1991 .

[13]  Peter M. Chisnall,et al.  Questionnaire Design, Interviewing and Attitude Measurement , 1993 .

[14]  Richard E. Morehouse,et al.  Beginning Qualitative Research: A Philosophical and Practical Guide , 1994 .

[15]  A. Michael Huberman,et al.  An expanded sourcebook qualitative data analysis , 1994 .

[16]  Jean Hitchings,et al.  Deficiencies of the traditional approach to information security and the requirements for a new methodology , 1995, Comput. Secur..

[17]  Sally Sieloff Magnan,et al.  Research Design: Qualitative and Quantitative Approaches , 1997 .

[18]  Michael D. Myers,et al.  Qualitative Research in Information Systems , 1997, MIS Q..

[19]  Donn B. Parker,et al.  Fighting computer crime - a new framework for protecting information , 1998 .

[20]  Roy McNamara Networks - Where does the real threat lie? , 1998, Inf. Secur. Tech. Rep..

[21]  Nick Gaunt,et al.  Installing an appropriate information security policy , 1998, Int. J. Medical Informatics.

[22]  Peter G. Neumann,et al.  Inside risks: risks of insiders , 1999, CACM.

[23]  Thomas Bozek,et al.  Research on Mitigating the Insider Threat to Information Systems - #2 , 2000 .

[24]  David A. Ricks,et al.  Research emphases on cultural differences and/or similarities: Are we asking the right questions? , 2000 .

[25]  P. Mayring Qualitative Content Analysis , 2000 .

[26]  B. Burmahl The big picture. , 2000, Health facilities management.

[27]  Eugene Schultz,et al.  Incident Response: A Strategic Guide to Handling System and Network Security Breaches , 2001 .

[28]  Robert Y. Cavana,et al.  Applied Business research: Qualitative and Quantitative Methods , 2001 .

[29]  Fred Cohen Managing Network Security: The New Cyber Gang - A Real Threat Profile , 2001 .

[30]  Julie F. Pallant,et al.  SPSS Survival Manual , 2020 .

[31]  John Mingers,et al.  Combining IS Research Methods: Towards a Pluralist Methodology , 2001, Inf. Syst. Res..

[32]  B. Schrag The Moral Significance of Employee Loyalty , 2001, Business Ethics Quarterly.

[33]  S. Donaldson,et al.  Understanding Self-Report Bias in Organizational Behavior Research , 2002 .

[34]  Steven Furnell,et al.  Insider Threat Prediction Tool: Evaluating the probability of IT misuse , 2002, Comput. Secur..

[35]  M. Patton Qualitative research & evaluation methods , 2002 .

[36]  Agata Sawicka,et al.  A Framework for Human Factors in Information Security , 2002 .

[37]  E. Eugene Schultz A framework for understanding and predicting insider attacks , 2002, Comput. Secur..

[38]  Lyn Richards,et al.  Readme First for a User's Guide to Qualitative Methods , 2002 .

[39]  Alma Whiteley,et al.  Rigour in qualitative research , 2002 .

[40]  Philipp Mayring Qualitative Inhaltsanalyse : Grundlagen und Techniken , 2003 .

[41]  Nahid Golafshani,et al.  Understanding Reliability and Validity in Qualitative Research , 2003 .

[42]  M. Sambasivan,et al.  The influence of corporate culture and organisational commitment on performance , 2003 .

[43]  Mudge Insider Threat , 2003, login Usenix Mag..

[44]  J. Harrison,et al.  Employee Perceptions of Stakeholder Focus and Commitment to the Organization , 2003 .

[45]  Scott B. MacKenzie,et al.  Common method biases in behavioral research: a critical review of the literature and recommended remedies. , 2003, The Journal of applied psychology.

[46]  Izak Benbasat,et al.  Predicting Intention to Adopt Interorganizational Linkages: An Institutional Perspective , 2003, MIS Q..

[47]  Perfect Storm: The Insider, Naivety, and Hostility , 2004, ACM Queue.

[48]  Budi Arief,et al.  Computer security impaired by legitimate users , 2004, Comput. Secur..

[49]  James A. Whittaker,et al.  Intrusion detection: Perspectives on the insider threat , 2004 .

[50]  Michele C. Russo,et al.  How to quickly find articles in the top IS journals , 2004, CACM.

[51]  Shambhu J. Upadhyaya,et al.  Security policies to mitigate insider threat in the document control domain , 2004, 20th Annual Computer Security Applications Conference.

[52]  A. Onwuegbuzie,et al.  Mixed Methods Research: A Research Paradigm Whose Time Has Come , 2004 .

[53]  Robert H. Anderson,et al.  Understanding the Insider Threat , 2004 .

[54]  Steven Furnell Enemies within: the problem of insider attacks , 2004 .

[55]  Sue Bond,et al.  Organisational culture and work-life conflict in the UK , 2004 .

[56]  Dawn M. Cappelli,et al.  Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors , 2005 .

[57]  Christine Dearnley,et al.  A reflection on the use of semi-structured interviews. , 2005, Nurse researcher.

[58]  Hung Q. Ngo,et al.  Towards a theory of insider threat assessment , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[59]  Evangelos A. Kiountouzis,et al.  The insider threat to information systems and the effectiveness of ISO17799 , 2005, Comput. Secur..

[60]  Evangelos A. Kiountouzis,et al.  Information systems security policies: a contextual perspective , 2005, Comput. Secur..

[61]  Steven Furnell,et al.  A preliminary model of end user sophistication for insider threat prediction in IT systems , 2005, Comput. Secur..

[62]  Nick Nykodym,et al.  Criminal profiling and insider cyber crime , 2005, Digit. Investig..

[63]  Robert F. Mills,et al.  Developing an Insider Threat Model Using Functional Decomposition , 2005, MMM-ACNS.

[64]  Martin Whitworth Outsourced Security: Outsourced security - the benefits and risks , 2005 .

[65]  Dawn M. Cappelli,et al.  Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector , 2005 .

[66]  E. Cole,et al.  Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft , 2005 .

[67]  Yan Zhang,et al.  Qualitative Analysis of Content by , 2005 .

[68]  Mike Kemp Insider Attacks: Barbarians inside the gates: addressing internal security threats , 2005 .

[69]  N. Mack,et al.  Qualitative research methods: a data collectors field guide. , 2005 .

[70]  Matt Bishop,et al.  The insider problem revisited , 2005, NSPW '05.

[71]  Jeffrey M. Stanton,et al.  Analysis of end user security behaviors , 2005, Comput. Secur..

[72]  James Backhouse,et al.  Opportunities for computer crime: considering systems risk from a criminological perspective , 2006, Eur. J. Inf. Syst..

[73]  Steven Furnell,et al.  Malicious or misinformed? Exploring a contributor to the insider threat , 2006 .

[74]  John W. Creswell,et al.  Using Mixed-Methods Sequential Explanatory Design: From Theory to Practice , 2006 .

[75]  Stephen H. Conrad,et al.  Modeling the Emergence of Insider Threat Vulnerabilities , 2006, Proceedings of the 2006 Winter Simulation Conference.

[76]  Naresh K. Malhotra,et al.  Common Method Variance in IS Research: A Comparison of Alternative Approaches and a Reanalysis of Past Research , 2006, Manag. Sci..

[77]  Judith L M Mccoyd,et al.  Conducting Intensive Interviews Using Email , 2006 .

[78]  Methodology: Analysing Qualitative Data and Writing up your Findings , 2006 .

[79]  Dawn M. Cappelli,et al.  Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis , 2006 .

[80]  Richard Walton,et al.  Balancing the insider and outsider threat , 2006 .

[81]  Michael D. Carroll Information security: examining and managing the insider threat , 2006, InfoSecCD '06.

[82]  Rossouw von Solms,et al.  Towards an Information Security Competence Maturity Model , 2006 .

[83]  Flemming Nielson,et al.  Where Can an Insider Attack? , 2006, Formal Aspects in Security and Trust.

[84]  D. McAuliffe,et al.  Email-facilitated qualitative interviews with traumatic brain injury survivors: A new and accessible method , 2006, Brain injury.

[85]  David M. Lynch Securing Against Insider Attacks , 2006, Inf. Secur. J. A Glob. Perspect..

[86]  L. Bierman,et al.  Social Isolation and American Workers: Employee Blogging and Legal Reform , 2006 .

[87]  Yair Levy,et al.  A Systems Approach to Conduct an Effective Literature Review in Support of Information Systems Research , 2006, Informing Sci. Int. J. an Emerg. Transdiscipl..

[88]  Ning Hu,et al.  Applying role based access control and genetic algorithms to insider threat detection , 2006, ACM-SE 44.

[89]  John W. Creswell,et al.  Designing and Conducting Mixed Methods Research , 2006 .

[90]  M. Westerman What counts as "good" quantitative research and what can we say about when to use quantitative and/or qualitative methods? , 2006 .

[91]  Robert F. Mills,et al.  Using PLSI-U to Detect Insider Threats from Email Traffic , 2006, IFIP Int. Conf. Digital Forensics.

[92]  Eric D. Shaw,et al.  The role of behavioral research and profiling in malicious cyber insider investigations , 2006, Digit. Investig..

[93]  Mikko T. Siponen,et al.  A Critical Assessment of IS Security Research between 1990-2004 , 2007, ECIS.

[94]  Anat Hovav,et al.  Deterring internal information systems misuse , 2007, CACM.

[95]  B. Panda,et al.  A Knowledge-Base Model for Insider Threat Prediction , 2007, 2007 IEEE SMC Information Assurance and Security Workshop.

[96]  Brian Contos Column: Insider threat monitoring is enhanced by asset relevance , 2007 .

[97]  Chris Wargo,et al.  An Introduction to Insider Threat Management , 2007, Inf. Secur. J. A Glob. Perspect..

[98]  Martin Hershkowitz The “Insider” Threat , 2007 .

[99]  Victor Serdiouk Technologies for Protection Against Insider Attacks on Computer Systems , 2007 .

[100]  Dawn M. Cappelli,et al.  Insider Threat Study: Illicit Cyber Activity in the Government Sector , 2008 .

[101]  Jeffrey Hunker Taking Stock and Looking Forward - An Outsider's Perspective on the Insider Threat , 2008, Insider Attack and Cyber Security.

[102]  P. Petocz,et al.  Research interviews in cyberspace , 2008 .

[103]  Stephen H. Conrad,et al.  A behavioral theory of insider-threat risks: A system dynamics approach , 2008, TOMC.

[104]  Andy Jones Catching the malicious insider , 2008, Inf. Secur. Tech. Rep..

[105]  Eleanor Dallaway Editorial: You're only human , 2008 .

[106]  Steven M. Bellovin,et al.  The Insider Attack Problem Nature and Scope , 2008, Insider Attack and Cyber Security.

[107]  Dawn M. Cappelli,et al.  The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures , 2008, Insider Attack and Cyber Security.

[108]  Brajendra Panda,et al.  A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack , 2008, SEC.

[109]  Salvatore J. Stolfo,et al.  Insider Attack and Cyber Security - Beyond the Hacker , 2008, Advances in Information Security.

[110]  L. Jean Camp,et al.  Game-theoretic modeling and analysis of insider threats , 2008, Int. J. Crit. Infrastructure Prot..

[111]  Shari Lawrence Pfleeger,et al.  Insiders Behaving Badly , 2008, IEEE Security & Privacy.

[112]  Iain Crinson,et al.  Assessing the 'insider-outsider threat' duality in the context of the development of public-private partnerships delivering 'choice' in healthcare services: A sociomaterial critique , 2008, Inf. Secur. Tech. Rep..

[113]  Family Health Internationals partnership on the FRONTIERS Program 1998 - 2008. , 2008 .

[114]  Terrence Walker,et al.  Practical management of malicious insider threat - An enterprise CSIRT perspective , 2008, Inf. Secur. Tech. Rep..

[115]  Charles P. Pfleeger Reflections on the Insider Threat , 2008, Insider Attack and Cyber Security.

[116]  Andy Jones Insight: The evolution of attack , 2008 .

[117]  Debi Ashenden,et al.  Information Security management: A human challenge? , 2008, Inf. Secur. Tech. Rep..

[118]  James F. Burke,et al.  Toward a Generic Model of Security in an Organizational Context:  Exploring Insider Threats to Information Infrastructure , 2008, Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008).

[119]  Jeffry S. Gordon,et al.  Developing the online survey. , 2008, The Nursing clinics of North America.

[120]  Yi Hu,et al.  A traceability link mining approach for identifying insider threats , 2009, CSIIRW '09.

[121]  Carl Colwill,et al.  Human factors in information security: The insider threat - Who can you trust these days? , 2009, Inf. Secur. Tech. Rep..

[122]  Dattatraya S. Bhilare,et al.  Protecting intellectual property and sensitive information in academic campuses from trusted insiders: leveraging active directory , 2009, SIGUCCS '09.

[123]  Barbara M. Wildemuth,et al.  Applications of Social Research Methods to Questions in Information and Library Science , 2009 .

[124]  R. Longhurst Interviews: In-Depth, Semi-Structured , 2009 .

[125]  Brajendra Panda,et al.  Automatic Identification of Critical Data Items in a Database to Mitigate the Effects of Malicious Insiders , 2009, ICISS.

[126]  K. E. Joseph,et al.  The Influence of Organizational Culture on Organizational Learning, Worker Involvement and Worker Productivity , 2009 .

[127]  Insider Theft of Intellectual Property for Business Advantage : A Preliminary Model , 2009 .

[128]  Jill Slay,et al.  Protecting clients from insider attacks on trust accounts , 2009, Inf. Secur. Tech. Rep..

[129]  Mikko T. Siponen,et al.  Overcoming the insider: reducing employee computer crime through Situational Crime Prevention , 2009, CACM.

[130]  Young U. Ryu,et al.  Self-efficacy in information security: Its influence on end users' information security practice behavior , 2009, Comput. Secur..

[131]  L. Jean Camp,et al.  Mitigating Inadvertent Insider Threats with Incentives , 2009, Financial Cryptography.

[132]  Ali Mili,et al.  Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies , 2009 .

[133]  Rungson Chomeya Quality of Psychology Test Between Likert Scale 5 and 6 Points , 2010 .

[134]  Factor Analysis: An Overview and Some Contemporary Advances , 2010 .

[135]  Shari Lawrence Pfleeger,et al.  Insiders Behaving Badly: Addressing Bad Actors and Their Actions , 2010, IEEE Transactions on Information Forensics and Security.

[136]  C. Lance,et al.  What Reviewers Should Expect from Authors Regarding Common Method Bias in Organizational Research , 2010 .

[137]  Kuheli Roy Sarkar Assessing insider threats to information security using technical, behavioural and organisational measures , 2010, Inf. Secur. Tech. Rep..

[138]  Lior Rokach,et al.  Detecting data misuse by applying context-based data linkage , 2010, Insider Threats '10.

[139]  Peter G. Neumann,et al.  Combatting Insider Threats , 2010, Insider Threats in Cyber Security.

[140]  R. Sarala The impact of cultural differences and acculturation factors on post-acquisition conflict ☆ , 2010 .

[141]  T. Brown,et al.  Exploratory Factor Analysis: A Five-Step Guide for Novices , 2010 .

[142]  Arlene Fink,et al.  Survey Research Methods , 2010 .

[143]  Enno Siemsen,et al.  Common Method Bias in Regression Models With Linear, Quadratic, and Interaction Effects , 2010 .

[144]  J. Hair Multivariate data analysis : a global perspective , 2010 .

[145]  Deborah A. Frincke,et al.  A Risk Management Approach to the "Insider Threat" , 2010, Insider Threats in Cyber Security.

[146]  Treating an unhealthy organisational culture: the implications of the Bundaberg Hospital Inquiry for managerial ethical decision making. , 2010, Australian health review : a publication of the Australian Hospital Association.

[147]  Jan H. P. Eloff,et al.  A framework and assessment instrument for information security culture , 2010, Comput. Secur..

[148]  Lucy Gibson Using Email Interviews , 2010 .

[149]  Eirik Albrechtsen,et al.  Improving information security awareness and behaviour through dialogue, participation and collective reflection. An intervention study , 2010, Comput. Secur..

[150]  Clive Blackwell A Forensic Framework for Incident Analysis Applied to the Insider Threat , 2011, ICDF2C.

[151]  Analysis and Intervention on the Influencing Factors of Employee’s Job Insecurity , 2011 .

[152]  Randall F. Trzeciak,et al.  An Analysis of Technical Observations in Insider Theft of Intellectual Property Cases , 2011 .

[153]  Qing Hu,et al.  Does deterrence work in reducing information security policy abuse by employees? , 2011, Commun. ACM.

[154]  Yadong Luo,et al.  Toward a perspective of cultural friction in international business , 2011 .

[155]  Sebastian Möller,et al.  Modeling the behavior of users who are confronted with security mechanisms , 2011, Comput. Secur..

[156]  Danny Bradbury Data mining with LinkedIn , 2011 .

[157]  K. Chandrasekar WORKPLACE ENVIRONMENT AND ITS IMPACT ON ORGANISATIONAL PERFORMANCE IN PUBLIC SECTOR ORGANISATIONS , 2011 .

[158]  ADDRESSING THE INSIDER THREAT - A CALL TO INMM COMMUNITY ACTION. , 2011 .

[159]  Stacey R. Fitzsimmons,et al.  Multicultural employees: Global business’ untapped resource , 2011 .

[160]  K. Perreault,et al.  Research Design: Qualitative, Quantitative, and Mixed Methods Approaches , 2011 .

[161]  M. Schreiner,et al.  We Have Met the Enemy and He Is Us , 2011 .

[162]  Dawn M. Cappelli,et al.  The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes , 2012 .

[163]  Amanda Bolderston,et al.  Conducting a Research Interview. , 2012, Journal of medical imaging and radiation sciences.

[164]  Raluca Ioana Vosloban The Influence of the Employee's Performance on the Company's Growth - A Managerial Perspective , 2012 .

[165]  Helen Armstrong,et al.  Insider Threat Behavior Factors: A Comparison of Theory with Reported Incidents , 2012, 2012 45th Hawaii International Conference on System Sciences.

[166]  S. Mathur,et al.  Outside Factors Influencing Behavior of Employees in Organizations , 2012 .

[167]  Spotlight On: Insider Threat from Trusted Business Partners. Version 2: Updated and Revised , 2012 .

[168]  A. Mengshoel Mixed methods research--so far easier said than done? , 2012, Manual therapy.

[169]  M. Setiawan,et al.  The Influence of Organizational Culture, Organizational Commitment to Job Satisfaction and Employee Performance (Study at Municipal Waterworks of Jayapura, Papua Indonesia) , 2012 .

[170]  Takayuki Sasaki,et al.  A Framework for Detecting Insider Threats using Psychological Triggers , 2012, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[171]  Keshnee Padayachee,et al.  Taxonomy of compliant information security behavior , 2012, Comput. Secur..

[172]  B. Berg,et al.  Qualitative Research Methods for the Social Sciences (8th ed. , 2012 .

[173]  Dawn M. Cappelli,et al.  Common Sense Guide to Mitigating Insider Threats 4th Edition , 2012 .

[174]  Spotlight On: Malicious Insiders and Organized Crime Activity , 2012 .

[175]  Oliver Brdiczka,et al.  Proactive Insider Threat Detection through Graph Learning and Psychological Context , 2012, 2012 IEEE Symposium on Security and Privacy Workshops.

[176]  P. Hanna Using internet technologies (such as Skype) as a research medium: a research note , 2012 .

[177]  Tamara Dinev,et al.  Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture , 2012, Decis. Sci..

[178]  Randall F. Trzeciak,et al.  Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector , 2012 .

[179]  Fielding Complex Online Surveys using rApache and Qualtrics , 2013 .

[180]  David W. Chadwick,et al.  Guest editorial: A brief overview of data leakage and insider threats , 2013, Inf. Syst. Frontiers.

[181]  Humayun Zafar Human resource information systems: Information security concerns for organizations , 2013 .

[182]  Luiz Carlos,et al.  INFORMATION SECURITY POLICY - A DEVELOPMENT GUIDE , 2013 .

[183]  Ken H. Guo Security-related behavior in using information systems in the workplace: A review and synthesis , 2013, Comput. Secur..

[184]  Merrill Warkentin,et al.  Beyond Deterrence: An Expanded View of Employee Computer Abuse , 2013, MIS Q..

[185]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..

[186]  Ann Anderson Workplace Conflict. , 2015, The American journal of nursing.

[187]  B MilesMatthew,et al.  Qualitative Data Analysis , 2018, Approaches and Processes of Social Science Research.

[188]  Matt Collins,et al.  Malicious Insiders with Ties to the Internet Underground Community , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[189]  Keven G. Ruby,et al.  The Insider Threat to Information Systems , 2022 .