The insider threat to information systems and the effectiveness of ISO17799
Computers & Security, 2005•Elsevier
Insider threat is widely recognised as an issue of utmost importance for IS security
management. In this paper, we investigate the approach followed by ISO17799, the
dominant standard in IS security management, in addressing this type of threat. We unfold
the criminology theory that has designated the measures against insider misuse suggested
by the standard, ie the General Deterrence Theory, and explore the possible enhancements
to the standard that could result from the study of more recent criminology theories. The …
management. In this paper, we investigate the approach followed by ISO17799, the
dominant standard in IS security management, in addressing this type of threat. We unfold
the criminology theory that has designated the measures against insider misuse suggested
by the standard, ie the General Deterrence Theory, and explore the possible enhancements
to the standard that could result from the study of more recent criminology theories. The …
Insider threat is widely recognised as an issue of utmost importance for IS security management. In this paper, we investigate the approach followed by ISO17799, the dominant standard in IS security management, in addressing this type of threat. We unfold the criminology theory that has designated the measures against insider misuse suggested by the standard, i.e. the General Deterrence Theory, and explore the possible enhancements to the standard that could result from the study of more recent criminology theories. The paper concludes with supporting the argument for a multiparadigm and multidisciplinary approach towards IS security management and insider threat mitigation.
Elsevier