Workarounds as Means to Identify Insider Threats to Information Systems Security
| Autor: | Arduin, Pierre-Emmanuel, Vieru, Dragos |
|---|---|
| Přispěvatelé: | Dauphine Recherches en Management (DRM), Université Paris Dauphine-PSL, Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS), Université Téluq (TELUQ) |
| Jazyk: | angličtina |
| Rok vydání: | 2017 |
| Předmět: |
Security policy
Non-malicious security violation [SHS.GESTION]Humanities and Social Sciences/Business administration Workarounds Insider threat JEL: M - Business Administration and Business Economics • Marketing • Accounting • Personnel Economics/M.M1 - Business Administration/M.M1.M15 - IT Management |
| Zdroj: | Proceedings of the Twenty-third Americas Conference on Information Systems, Boston, USA, August 10-12 Association for Information Systems Association for Information Systems, Aug 2017, Boston, United States |
| Popis: | Workarounds represent deliberate actions of employees in contrast with the prescribed practices and organizations generally perceive them as unwanted processes. Workarounds may lead to information systems (IS) security policy violations, notably when prescribed practices lead employees to face obstacles in accomplishing their daily tasks. Such behavior generates new insider threats to IS security. In this article, we adopt the view that workarounds may enable the identification of new security threats. We propose a conceptual model that illustrates how workarounds generating non-malicious security violations might constitute sources of knowledge about new security threats. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|