Insider threats to organizational information security are widely viewed as an important concern, but little is understood as to the pattern of their occurrence. We outline an argument for explaining what originally surprised us: that many practitioners report that their organizations take basic steps to prevent insider attacks, but do not attempt to address more serious attacks. We suggest that an understanding of the true cost of additional policies to control insider threats, and the dynamic nature of potential insider threats together help explain why this observed behavior is economically rational. This conclusion also suggests that further work needs to be done to understand how better to change underlying motivations of insiders, rather than simply focus on controlling and monitoring their behavior.
CITATION STYLE
Probst, C. W., & Hunker, J. (2010). The Risk of Risk Analysis And its Relation to the Economics of Insider Threats. In Economics of Information Security and Privacy (pp. 279–299). Springer US. https://doi.org/10.1007/978-1-4419-6967-5_14