Abstract
Mainly based on an increasing dependence on ICT, the protection of crucial assets has become increasingly important for organizations. Beside external hacker attacks and malware, malicious insider threat continues to be one of the main security issues facing organizations. This article presents motives, characteristics and other influencing factors of employees to commit to criminal behavior. Therefore, results from the background of German economic offenders’ research and related theories of crime are analyzed. The work closes with recommendations for further research and starting points for insider threat prevention management.
You have full access to this open access chapter, Download conference paper PDF
1 Introduction
According to the results of the 2013 US State of Cybercrime Survey [1], attacks of trusted employees respectively malicious insiders cover about 30 % of all cyber-attacks (broadly stayed consistent since 2004), whereby the total number of such attacks has increased dramatically, resulting in $2.9 trillion in employee fraud losses globally per year. In addition, the results show that it is hard to know who these malicious insiders are – normally they are acting within the boundaries of trust necessary to perform normal duties - and how to prevent attacks.
The CERT Insider Threat Center (Carnegie Mellon University) defines a malicious insider as “…a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems” (http://www.cert.org/insider_threat/, accessed on Jan. 8, 2014).
In this paper, a malicious insider is defined as a current or former employee, (still) having access to the organization’s (IT) infrastructure and with specific organizational data, networks’ and information systems’ access opportunities and privileges and/or with knowledge of processes, services and persons, enabling the individual to gather, misuse or steal an organization’s crucial assets (e.g. customer data, production and product secrets, etc.), either causing solely harm to the organization and/or benefiting him-/herself.
In fact, based on new technical opportunities, data theft has become much easier: for example, mobile trends like BYOD (bring your own device), cloud services with related security vulnerabilities, the ability to work from home and access an organization’s data when on the road, as well as more and more malware opportunities have increased the potential of related attacks. Other main security obstacles may be budget constraints, the complexity of the internal (IT) environment, competing priorities, a lack of top-level direction and leadership, as well as a lack of awareness training, and others.
The remainder of the paper is organized as follows. The next section reviews some risk factors for organizations due to malicious insider threat. This is followed by a description of two process models relating to an offenders’ (potential) criminal behavior and related decision issues. In a next step, several related theories of crime as well as recommendations for further insider threat research are discussed.
2 Current Risk Factors Companies Face from Malicious Insider Threat
An analysis of the changing nature of internal offenders can help organizations stiffen their defenses against malicious activities. A study of KPMG [2], covering 596 fraudsters companies investigated between 2011 and 2013 highlights that the typical fraudster in 2013 is very similar to the typical one in 2011: the attacker is middle-aged (36–45 years old), mostly employed in an executive operations, marketing or finance (senior) position, whereby many of them are employed in the victimized organization for more than six years. A report of the British Centre for the Protection of National Infrastructure [3] show significantly more males (82 %) engaged in insider activity than females (18 %), whereby motivating personal factors are financial gain (47 % of cases), ideology (20 %), desire for recognition (14 %), loyalty to friends, family or country (14 %) as well as revenge (6 %).
The results of a current PWC [4] study points out that used fraud detection methods can be differentiated into three elements: corporate control (all in all 55 %), corporate culture (23 %), as well as issues beyond the influence of management (21 %) like accidents, law enforcement, or investigative media. Moreover, most crimes by trusted former or present employees are perpetrated for financial or personal gain [5]: The top threat action varieties within insider misuse are privilege abuse (88 %), unapproved hardware (18 %), bribery (16 %), e-mail misuse (11 %), and data mishandling (11 %).
In general, current well-known cases, communicated in mass media in the US and Europe, show that beside the technological detection and prevention also behavioral-oriented aspect are playing a crucial role. In the field of technological-oriented prevention and detection diverse applications and efforts are used to avoid related attacks from malicious acting employees: anti-fraud management with big data analysis, cloud service methods for managing insider threat, opportunity-reducing techniques, IT security incident systems, event detection methodology and correlation analysis, and methods to audit USB device usage [see e.g. 6–11].
Typically, a malicious insider has a specific goal in mind, motives like financial needs, a method (actions and tools to achieve the goal) and an opportunity (for example based on a lack of the internal control system). In this context, Magklaras and Furnell [12] highlight a human-centric approach of insider threats, ranging from misbehaviour of individuals to issues of the reason for misuse, system role, and system consequences. According to Parker [13], other factors can be knowledge and skills, resources, authority, and motives.
To summarize, beside technical and behavioural factors, insider threats may also be triggered by some organizational issues like the organizational structure and culture [14], official stated and ‘internalized’ corporate policies [15], environmental factors like relationships (relating to so-called ‘social bonds’), societal norms and values, as well as by ideas of legitimacy and (borders of) legal norms.
Nevertheless, beside all above presented aspects and studies, in point of fact, activities of malicious insiders certainly are designed for non-detection - as a consequence, the dark figure of related crime is hard to value.
According to estimates of experts, losses conducted by economic offenders (including undetected malicious insiders) encompass between €50 and 75 billion per year in Germany, but because of the dark figure of crime this vague span cannot be related to a valid data base. Especially immaterial damages like a loss of reputation are rarely gathered. Furthermore, many organizations do not make public or solely report related cases to governmental institutions responsible for national information security strategies in economic crime defense. Such governmental institutions are mainly aiming on an analysis of new attack forms of malicious insiders and external offenders. From the background of malicious insider threat, attack forms may occur from when working alone, cooperating with colleagues, but also may be initiated by organized criminal groups, searching for a cooperation with an internal employee or blackmailing an internal offender.
3 Leanings from Economic Offenders’ Research in Germany
3.1 A Process Model of Economic Delinquency
Mainly based on the work of Coleman’s [16] integrated theory of white-collar crime, focusing on situational and motivational factors for an appearance of a criminal act, Schneider [17–19] developed a process model of criminal acting employees inside an organization. RölfsPartner and Schneider [18] conducted a study with economic criminals and analyzed their related social aspects. The authors highlight that such offenders are (social) unobtrusive, higher educated than average, are married, societal integrated, and often have (as managers in a middle or higher position) a reputable societal status. The authors analyze the emergence of criminal activities based on both, a progression of events and personality factors. Thereby, a previously loyal employee is being plunged into a personal crisis (e.g. because of a fear of job loss, financial problems, etc.), discovers occasionally a crime opportunity inside the organization, and grabs the chance (for example to let out his/her frustration). From this time on, based on a non-detection of the human’s criminal former activity, and inspired by the first sense of achievement, from now on the human actively searches for crime opportunities to conduct further criminal acts. The authors differentiate between a situational level (in the context of the offender and a potential opportunity) as well as situational vulnerability and related risk constellations (in the context of an offender’s personality or characteristics). On the situational level, the results of the analyzed convicted economic criminals highlight so-called opportunity seekers and opportunity takers. Opportunity takers are long-term employed, loyal and highly trusted employees who have the chance to commit a crime, mainly based on poor organizational control systems. Without being stopped, this kind of offender may become an (actively criminal activities planning) opportunity seeker. Due to the personal risk constellations, the authors point out four favorite types of offenders: such with a high stress disorder, crisis offers (most frequent), dependents, and unsuspicious offenders.
Schneider’s [17] process model starts with a potential situation for a criminal act, followed by a perception filter with two opportunities: potential influences at this stage are a puristic individual basic attitude (like correctness, blamelessness, righteousness) and knowledge of organizational processes. The model continues with three steps (see Table 1): The first step leads to the ‘awareness of a situation’, either as a blockade or a so-called ‘clear view’ due to an opportunity and towards a (potential) criminal behavior. At this stage, a blockade as well as a clear view is influenced by different individual risk factors. Positive factors leading to a blockade are for example personal satisfaction, estimation of others (supervisors, colleagues, etc.), and an adequate (financial) aspiration level; main triggers for a clear view (towards a criminal act) may be frustration and grievance, an inadequate (intended or existing) aspiration standard of living, as well as individual neutralization (justification) strategies to downplay a (potential) criminal behavior and decrease cognitive dissonance. The second step deals with the ‘evaluation of a situation’ and its individual interpretation: on the one hand, an employee can detect a lack of the organizational control system and make suggestions to eliminate the security gap or (in the worst case) he/she can value the situation as a change (opportunity) for a criminal act (with supporting impact of mentioned main triggers due to the clear view). The third step relates to ‘acting in the situation’ with two influencing aspects: fantasy (an individual detects an opportunity but does not act criminal) and the criminal activity (an employee may take the opportunity to act criminal). In this last step, mentioned negative triggers of step two, but also aspects like workplace-related sub-cultures or external relationships (family, friends) can play a crucial role to commit a crime.
To summarize, the model integrates different theoretical approaches and offers reference points for a possible new theory of economic delinquency in the future [20, p. 85]. In addition, based on a typology of offenders (expert interviews, n = 47 male, 3 female), an organization can try to identify ‘endangered’ individuals and find starting points for intervening measures.
3.2 A Process Model of Relevant Motive Structures of White-Collar Crime Offenders
Beside general factors like socio-demographic data of white-collar crime offenders, Cleff et al. [21] aimed in their study on deeper connections of the emergence of white-collar crime, especially regarding a better understanding of the interplay of emotional, motivational and cognitive perception processes on the way to commit a crime. Furthermore, they wanted to figure out possible consequences for a prevention and control of white-collar crime attacks. The authors conducted 13 unstructured interviews with prisoners (economic offenders; each interview took about five to six hours). In addition, they got the permission to analyze 60 court papers of convicted offenders in Germany.
According to the authors, an offender passes through a process with five main phases (see Table 2) [21]: In the first phase, an individual tries to achieve his/her objectives on a legal way. In the second phase, the individual experiences no success when trying to achieve specific objectives. At this stage, the individual is confronted with negative emotions like fear of failure, fear of loss, or existential fear. To overcome this emotional deficiency state, in a third phase, the individual searches for new and also illegal ways to achieve the intended objectives; the person explores legal borderlines. In the case of first successes (fourth phase), a person’s behavior is being confirmed and strengthened; the wish for further successes is higher than the fear of potential sanctions. At the end of the process (fifth phase), something like a point of no return exists: to justify or neutralize misbehavior, the person tries to bring his/her behavior and personal sense of right and wrong into harmony. Persons concerned increasingly suffer from a loss of reality. In this last phase, offenders already are deeply involved in their illegal activities – hence, a way back seems to be impossible. With the disclosure of the illegal behavior an individual reality shock occurs.
According to Cleff et al. [21], this process has not necessarily to end with an illegal activity. In fact, an emergence of a criminal act is always dependent on a complex framework of diverse influencing factors: on the one hand, internal factors involve the personality structure, individual motives, values as well as a related rating of money, and the intra-individual sense of right and wrong influences the human; on the other hand, external factors encompass organizational- or industry-specific influences, negative emotions (resulting from bad success) as well as the subjective perception of potential opportunities to act illegal. In the case of committing a crime, the person concerned develops diverse neutralization strategies to justify his/her bad behavior.
4 Reflection and Recommendations for Malicious Insider Threat
4.1 Theoretical Reflection of the Presented Models
Prevention and countering of malicious insider threat has to consider concurrent causes. In general, both presented models try to find such causes and effects in the field of white-collar crime. Nevertheless, there have to be considered some strengths and weaknesses.
In his model, Schneider [19] refers to Coleman’s [16] (above mentioned) integrated theory of white-collar crime, especially considering that “motivation and opportunity are often closely associated in a particular setting”. But his model is also based on several other theories from the background of criminology, for example on strain, for example on Merton’s anomie theory [22] as well as on control and social theories. In this connection, Hirschi’s social bond theory [23] relates to informal social control of colleagues, family and friends (so-called “social bonds”). Furthermore, Coleman’s [16] “work-related subcultures” as well as control theories like Gottfredson’s and Hirschi’s [24] self-control theory of crime (often referred to as the General Theory of Crime) with its lack of a human’s self-control as a crucial factor behind criminal behavior seem to play a fundamental role in Schneider’s model.
According to strain theories, Schneider [17] developed criminal act-supporting or -preventing personal risk factors (see step one) like emotions (negative or positive), the kind of lifestyle (inadequate or adequate), and personal crisis (with a related retention or lowering level of demand). The background of control theories leads to further risk constellations like value orientation (modern and/or materialistic values), and control theories respectively ‘social bonds’ relate in the model to personal contacts, relationships and especially the kind of work-related subcultures [see e.g. 16] as ‘social capital’ of an offender. Not least, the routine activity theory of Cohen and Felson [25] is a central aspect of the model: crime occurs when there exists an intersection in time and space of a motivated offender, an attractive target, and a lack of capable guardianship (e.g. a lack of the internal control system). In general, this theory focuses on the question how to discover and prevent opportunities for criminal behavior in the routine activities of potential attackers.
Schneider’s model also relates to results from other scholarly work, especially focusing on the fact that economic offenders normally are higher educated, are so-called ‘latecomers to crime’ [see e.g. also study results from 2] and their profile does not correspond with other stereotypes of criminals like the typical street offender [see e.g. 26]. Furthermore, perpetrators are influenced by a specific situational context [27], and – according to Schneider’s main category of offenders, namely ‘crisis responder’ - for example, by a personal crisis based on a fear of losing what one has worked so hard to obtain [28].
In order to describe causes of white-collar crime, Schneider considers in his process model socio-structural as well as personal risk factors, especially based on the concept of neutralization strategies. Neutralization strategies refer to one specific and helpful aspect of the model: Schneider [18] states a survey of Buzzell [29], analyzing different techniques of neutralization adapted from research of Lanier and Henry [30], as well as from basic research of the founders of this theory [31]. For example, such neutralization strategies refer to justifications like “I didn’t have a choice” and “the defense of necessity” or “I deserve this, they owed me” as “the claim of entitlement” [32], or “I’m not as bad as others” as “justification by comparison” [33].
Other considered approaches in the course of the development of Schneider’s model of economic delinquency are the (above-mentioned) routine-activity approach of Cohen and Felson [25], relating to a motivated offender meeting a suitable target in the absence of a capable guardian, and general strain theory [34] or anomie theory [22], relating to a goal blockade (no fit between goals and resources available) and a maintenance of social success. For example, the latter may occur in a highly competitive economic environment and therefore demanding for high-level objectives from their employees which are extremely hard to achieve. In this context, Agnew et al. [34] state that “[c]rime may be used to achieve monetary goals, obtain status in the eyes of one’s peers, seek revenge against the perceived source of goal blockage or other targets, and alleviate frustration and other negative emotions” [also relating to results of 2, and partially 5].
To summarize, Schneider’s model considers diverse theories from the background of criminology. Nevertheless, beside positive aspects of Schneider’s model like the process-oriented character and diverse starting points like personal risk factors to describe a potential emergence of bad behavior, also some weaknesses can be mentioned. Some aspects refer to general questions of such models, namely a demand for universality; and: what about a (potential) offender’s available level of information at the time of a conscious decision between legal and illegal behavior (see step 3: fantasy or commit a crime)? In fact, in specific working situations, it is sometimes crucial to balance or find the ‘right’ (legal) way of behavior, especially in a complex organizational and legal environment. Another crucial point seems to be that the main stream of argumentation lines is based to the background of theories coming from the field of criminology. However, the model only marginally considers issues from the organizational background like structural issues, (kind of) business processes and collaboration, the specific role of leadership, as well as (implemented) strategies or policies regarding information security, governance and ethics, all of them with related effects on employees’ awareness.
In addition, Cleff et al. [21] refer to another weak issue of Schneider’s model: individual strategies of (potential) offenders in dealing with ‘loss-making’ and negative emotional conditions and implying motivational issues and anticipated problem solving strategies. The authors argue that related details disappear in a kind of ‘melting pot with totalitarian demand’.
The second presented model of Cleff et al. [21] mainly focuses on offenders and their value systems. Dependent on the opportunity to translate their motives and values successfully, offenders develop personal benefit and emotional approval or fear and frustration, and in the latter case are motivated to commit a crime. The authors state that a financial benefit of an offender merely expresses something like a ‘quasi need’ - an instrumentalization for deeper existing essential needs (beyond money). Furthermore, the authors’ qualitative results show that offenders have a subjective and biased sense of justice. In the worst case, different influencing factors (internal and external) with crucial intensity are coming together and concentrate the risk for a decision towards bad behavior.
In comparison to Schneider’s [19] model, Cleff et al. [21] also mention some external influencing factors like branch- and organizational-specific issues (e.g. corporate culture and ‘value management’, internal structure, strategic relevance of compliance management, whistleblowing-systems, and the role and intensity of other internal control systems). Hence, the study of Cleff et al. [21] brings up some additional aspects, opening up a huge field of new empirical work with regard to motives and surrounding issues like value management or ethics in organizations.
Similar to Schneider’s [18] research in the field of offenders’ typology, Cleff et al. [21] analyzed all 60 court papers of offenders (cluster analysis) and developed a typology of perpetrators: the “visionary” (15 persons of 60) with the main categories “egocentric” and “frustrated”), the “dependent” (26) and the “naive” (10).
To summarize, the work of Cleff et al. [21] identifies first critical motive structures of economic offenders, personal characteristics and benefiting determining factors of (potential) white-collar crime activities. Notably the analysis of different types of offenders points out the interaction of emotional, motivational as well as cognitive perceptual processes on the way to a criminal behavior. The authors summarize that successful prevention of white-collar crime has to consider the different types of offenders, respectively specific positive or negative signs regarding the likelihood of a potential misbehavior.
4.2 Recommendations and Further Research Efforts
The National Cybersecurity and Communications Integration Center of the US Department of Homeland Security [35] states (besides patterns of frustration, financial needs and greed) some further behavioral risk factors of insiders: for example, introversion, a tendency to minimize mistakes and faults, ethical ‘flexibility’ (as mentioned in both presented models) and an inability to assume responsibility for their actions (both may refer to mentioned neutralization strategies), a lack of empathy, a history of managing crisis ineffectively, intolerance to criticism, reduced loyalty, and compulsive behavior.
However, such indicators are hard to identify, especially if they do not occur for a longer period. Nevertheless, also such factors could be considered to development a corporate insider threat prevention program. Therefore, the theory of planned behavior [36], referring to environmental psychology, as well as the situational crime prevention approach, making crime activities more risky [37] and focusing on specific ways to modify the social (and physical) environment [38], could be opportunities to consider.
Furthermore, relevant studies in the field show that offenders are so-called latecomers to crime. Hence, the age of employees also can be a specific starting point when managing target group-oriented’ insider threat prevention (e.g. in the field of personal development-oriented measures). Also the kind of leadership, referring to issues like satisfaction, fairness in dealing with difficult situation (e.g. regarding an employee’s poor achievement of objectives in a highly competitive business), and the quality and culture of working groups may play a crucial role. In the worst case, all these aspects can influence and trigger a personal decision for misuse.
Anyhow, for a development of insider threat measures, an identification of potential crisis responders (as opportunity seekers and takers) seems to be important. In this connection, executives should be trained to recognize different personal drug, gambling or other serious crisis or negative life events like a relationship break, a death of a family member or close friend with related financial needs.
One opportunity could be to transfer such an exposed employee to a working place with a less vulnerable work profile (reduced opportunities to commit a crime) and/or to offer specific arrangements to support a difficult personal situation (for example via financial support).
5 Conclusion
Typically, the responsibilities for prevention, detection and interventions in managing insider threat are shared among diverse departments inside an organization (e.g. IT, information security, HR, legal affairs). The problem may be to bring up an internal insider threat program together and to split responsibilities in a proper way. Such a program should be designed in accordance to the likelihood of committing misuse – especially on focusing on potential crisis responders. In current malicious insider research scholarly work mainly focuses on technical detection measures; related research efforts focusing on the human factor should be increased.
References
PwC, Key findings from the 2013 US State of Cybercrime Survey, pp. 1–20. PricewaterhouseCoopers (co-sponsored by: CERT/Carnegie Mellon University, CSO Magazine, United States Secret Service), June 2013
KPMG, Global profiles of the fraudster, pp. 1–124. KPMG International (Headquarters), Amstelveen, November 2013
CPNI, CPNI Insider Data Collection Study. Report of Main Findings, pp. 1–15. Centre for the Protection of National Infrastructure, UK (2013)
PWC, Global Econoic Crime Survey 2014, pp. 1–860. PricewaterhouseCoopers (2014)
Verizon, 2014 Data Breach Investigations Report, pp. 1–60. Verizon, USA (2014)
Capelli, D., Moore, A., Trzeciak, R.: The CERT Buide to Insider Threat. Pearson, Westford (2012)
Flynn, L., Porter, G., DiFatta, C.: Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase II, Expanded Analysis and Recommendations, pp. 1–46. Technical Report, CMU/SEI-2013-TN-030, CERT Division, Carnegie Mellon University (2014)
Padayachee, K.: A Framework of Opportunity-Reducing Techniques to Mitigate the Insider Threat: Towards Best Practice. UNISA (University of South Africa) (2014)
Grimaila, M.R., et al.: Design and analysis of a dynamically configured log-based distributed security event detection methodology. J. Def. Model. Simul. Appl. Methodol. Technol. 9(3), 219–241 (2012)
Silowash, G.J., King, C.: Insider Threat Control: Understanding Data Loss Prevention (DLP) and Detection by Correlating Events from Multiple Sources. Carnegie Mellon University/Software Engineering Institute, Research Showcase (paper 708) (2013)
Silowash, G.J., Lewellen, T.: Insider Threat Control: Using Universal Serial Bus (USB) Device Auditing to Detect Possible Data Exfiltration by Malicious Insiders, pp. 1–35. Carnegie Mellon University/Software Engineering Institute, Research Showcase (paper 728) (2013)
Magklaras, G.B., Furnell, S.M.: Insider Threat Prediction Tool: Evaluating the probability of IT misuse. Comput. Secur. 21(1), 62–73 (2001)
Parker, D.B.: Fighting Computer Crime: A New Framework for Protecting Information. Wiley, New York (1998)
Hugl, U.: The malicious insider: approaching organizational crisis management, culture and management’s role on employees’ behaviour. In: Sarrafzadeh, M., Petratos, P. (eds.) Strategic Advantage of Computing Information Systems in Enterprise Management, pp. 305–316. Athens Institute for Education and Research (ATINER), Athens (2010)
Predd, J., et al.: Insiders behaving badly. IEEE Secur. Priv. 6(4), 66–70 (2008)
Coleman, J.W.: Toward an integrated theory of white-collar crime. Am. J. Sociol. 93(2), 406–439 (1987)
Schneider, H.: Person und Situation. Über die Bedeutung personaler und situativer Risikofaktoren bei wirtschaftskriminellem Handeln. In: Löhr, A., Burkatzki, E. (eds.) Wirtschaftskriminalität und Ethik, pp. 135–153. Hampp, München/Mering (2008)
Schneider, H.: Der Wirtschaftsstraftäter in seinen sozialen Bezügen. In: RölfsPartner, (ed.) Der: Wirtschaftsstraftäter in seinen sozialen Bezügen. Aktuelle Forschungsergebnisse und Konsequenzen für die Unternehmenspraxis, pp. 4–19. Universität Leipzig, Leipzig (2009)
Schneider, H.: Wirtschaftskriminalität (§25 ). In: Bock, M. (ed.) Kriminologie, pp. 418–436. C.H Beck, München (2008)
Homann, D.: Betrug in der gesetzlichen Krankenversicherung. Eine empirische Untersuchung über vermögensschädigendes Fehlverhalten zulasten der Solidargemeinschaft, Godesberg, Mönchengladbach (2009)
Cleff, T., et al.: Wirtschaftskriminalität. Eine Analyse der Motivstrukturen, pp. 1–54. PricewaterhouseCoopers (PWC) (2009)
Merton, R.: Social structure and anomie. Am. Sociol. Rev. 3, 672–682 (1938)
Hirschi, T.: Causes of Delinquency. University of California Press, Berkeley (1969)
Gottfredson, M.R., Hirschi, T.: A General Theory of Crime. Standford University Press, Standford (1990)
Cohen, L.E., Felson, M.: Social change and crime rate trends: a routine activity approach. Am. Sociol. Rev. 44(4), 588–608 (1979)
Leeper Piquero, N., Weisburd, D.: Developmental trajectories of white-collar crime. In: Simpson, S.S., Weisburd, D. (eds.) The Criminology of White-Collar Crime. Springer, New York (2009)
van Koppen, M.V., et al.: Criminal trajectories in organized crime. Br. J. Criminol. 50(1), 102–123 (2010)
Leeper Piquero, N.: The Only thing we have to fear is fear itself: investigating the relationship between fear of falling and white-collar crime. Crime Delinquency 58(3), 362–379 (2012)
Buzzell, T.: Holiday revelry and legal control of fireworks: a study of neutralization in two normative contexts. West. Criminol. Rev. 6(1), 30–42 (2005)
Lanier, M., Henry, S.: Essential Criminology. Westview Press, Boulder (2004)
Sykes, G.M., Matza, D.: Techniques of neutralization: a theory of delinquency. Am. Sociol. Rev. 22, 664–670 (1957)
Coleman, J.W.: The Criminal Elite: Understanding White-Collar Crime. Worth, New York (2006)
Cromwell, P., Thurman, Q.: The devil made me do it: use of neutralizations by shoplifters. Deviant Behav. 24, 535–550 (2003)
Agnew, R., Piqueroleeper, N., Cullen, F.T.: General strain theory and white-collar crime. In: Simpson, S.S., Weisburd, D. (eds.) The Criminology of White-Collar Crime, pp. 35–60. Springer, New York (2009)
NCCIC, Combating the Insider Threat, pp. 1–5. National Cybersecurity and Communications Integration Center (NCCIC/Homeland Security), Washington, D.C., May 2014
Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process. 50(2), 179–211 (1991)
Clarke, R.V.: Situational Crime Prevention: Successful Case Studies. Criminal Justice Press, Monsey (1997)
Homel, R.: The Politics and Practice of Situational Crime Prevention. Criminal Justice Press, Monsey (1996)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Hugl, U. (2015). Putting a Hat on a Hen? Learnings for Malicious Insider Threat Prevention from the Background of German White-Collar Crime Research. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2015. Lecture Notes in Computer Science(), vol 9190. Springer, Cham. https://doi.org/10.1007/978-3-319-20376-8_56
Download citation
DOI: https://doi.org/10.1007/978-3-319-20376-8_56
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-20375-1
Online ISBN: 978-3-319-20376-8
eBook Packages: Computer ScienceComputer Science (R0)