Understanding insiders: An analysis of risk-taking behavior

Cited by: 0
Authors
Fariborz Farahmand
Eugene H. Spafford
Affiliation
[1] Purdue University, Center for Education and Research in Information Assurance and Security
Source
Information Systems Frontiers | 2013 / Vol. 15
Keywords
Behavior; Insider; Perception; Prospect theory; Risk
DOI
Not available
Abstract
There is considerable research being conducted on insider threats directed to developing new technologies. At the same time, existing technology is not being fully utilized because of non-technological issues that pertain to economics and the human dimension. Issues related to how insiders actually behave are critical to ensuring that the best technologies are meeting their intended purpose. In our research, we have investigated accepted models of perceptions of risk and characteristics unique to insider threat, and we have introduced ordinal scales to these models to measure insider perceptions of risk. We have also investigated decision theories, leading to a conclusion that prospect theory, developed by Tversky and Kahneman, may be used to describe the risk-taking behavior of insiders and can be accommodated in our model. Our results indicate that there is an inverse relationship between perceived risk and benefit by insiders and that their behavior cannot be explained well by the models that are based on the traditional methods of engineering risk analysis and expected utility. We discuss the results of validating that model with forty-two senior information security executives from a variety of organizations. We also discuss how the model may be used to identify characteristics of insiders’ perceptions of risk and benefit, their risk-taking behavior and how to frame insider decisions. Finally, we recommend understanding risk of detection and creating a fair working environment to reduce the likelihood of committing criminal acts by insiders.
Pages: 5 / 15
Page count: 10