Insider Risk Evaluation and Audit

Abstract: The purpose of this study is to present the rationale, previous research, and process for developing a tool to be used for detecting insider risk within an organization. Based on past studies of insider behavior, the authors identify several areas of effective management intervention to mitigate the probability of damaging behaviors. For each area, a series of self-audit questions point to the presence or absence of policies, safeguards, or best practices that should be considered by security or other management personnel as proactive measures to minimize insider risk.
