NCJ Number
243191
Journal
Security Journal Volume: 26 Issue: 2 Dated: April 2013 Pages: 107-124
Date Published
April 2013
Length
18 pages
Annotation
After examining the prevailing threat model in organizational security, this article features risk profiles for the "insider" threat and the development of an information security policy to address this threat.
Abstract
The critical importance of electronic information exchanges in the daily operation of most large modern organizations is causing them to broaden their security provision to include the custodians of exchanged data - the insiders. The prevailing data loss threat model mainly focuses upon the criminal outsider and mainly regards the insider threat as 'outsiders by proxy', thus shaping the relationship between the worker and workplace in information security policy. Policy, that increasingly takes the form of social policy for the information age as it acquires the power to include and exclude sections of society and potentially to re-stratify it? This article draws upon empirical sources to critically explore the insider threat in organizations. It looks at the prevailing threat model before deconstructing 'the insider' into various risk profiles, including the well-meaning insider, before drawing conclusions about what the building blocks of information security policy around the insider might be. (Published Abstract)