Abstract
The aim of this paper is to discuss on the insider threat risks and challenges which have been the biggest problem to most organisations. The survey has gauged the employees’ agreements level of recommended practices derived from the “Common Sense Guide to Mitigating Insider Threats” produced by the Software Engineering Institute, Carnegie Mellon University (SEI-CMU). The available research works by Computer Emergency Response Team at Carnegie-Mellon University (CERT) offered an effective and possible approach towards identifying the insider threats risk and challenges by identifying feasible activity for implementation as part of a review process within organisation. The respondents indicate that majority of the companies in Malaysia who participated in the survey are basically agreeable to it and currently implementing the recommended practices. The results suggested that most companies are aware of the threats and ready for effective countermeasures. Three factors i.e. motive, method and opportunity must be recognised, identified and suppressed within the organization boundary. As a conclusion, this research could assist organization to understand the general acceptance of the respondents towards suggested practices and it could be some important facts that finding effective way to implement best practices are the demand for further research.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T.J.: Common Sense Guide to Prevention and Detection of Insider Threats. CERT, January 2009. http://www.cert.org/archive/pdf/CSG-V3.pdf. Accessed 20 June 2011
Bishop, M.: Position: Insider is Relative. University of California at Davis. http://www.nspw.org/papers/2005/nspw2005-bishop-pos.pdf. Accessed 01 Sept 2013
Bishop, M., Gates, C.: Defining the Insider Threat. University of California at Davis, CA Labs
von Roessing, R.M.: The business model for information security. ISACA© 2010
Green, C.H.: Understanding the Trust Equation. http://trustedadvisor.com. Accessed 19 Sept 2013
NSF-OIG: Possible Grant Fraud Indicator Handbook. http://www.cert.org/blogs/insider_threat. Accessed 10 Sept 2013
Lee, A.J., Yu, T.: Towards a Dynamic and Composite Model of Trust (2009)
Ponemon Institute LLC & Symantec: 2011 Cost of Data Breach Study Report, March 2012
Lynch, D.M.: Securing Against Insider Attacks, November 2006
Randazzo, M.R., Cappelli, D.M., Keeney, M.M., Moore, A.P., Kowalski, E.F.: Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector. CERT® Coordination Center National Threat Assessment Center Software Engineering Institute United States Secret Service Carnegie Mellon University, August 2004
CISCO System: Data Leakage Worldwide: The High Cost of Insider Threats (2006)
Hong, J., Kim, J.: The Trend of the Security Research for Insider Cyber Threat, June 2010
Pfleeger, S.L., Predd, J.B., Hunker, J., Bulford, C.: Insiders Behaving Badly: Addressing Bad Actors and Their Actions, March 2010
Covey, S.M.R.: The Speed of Trust, p. 13 (2006)
Acknowledgment
This research funded by Ministry of Higher Education under Transdisciplinary Research Grant Scheme TRGS/1/2016/PBPI-CTED/02 and support by Universiti Teknikal Malaysia Melaka.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Apau, M.N., Sedek, M., Ahmad, R. (2018). Inclination of Insider Threats’ Mitigation and Implementation: Concurrence View from Malaysian Employees. In: Uden, L., Hadzima, B., Ting, IH. (eds) Knowledge Management in Organizations. KMO 2018. Communications in Computer and Information Science, vol 877. Springer, Cham. https://doi.org/10.1007/978-3-319-95204-8_29
Download citation
DOI: https://doi.org/10.1007/978-3-319-95204-8_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-95203-1
Online ISBN: 978-3-319-95204-8
eBook Packages: Computer ScienceComputer Science (R0)