Utilize este identificador para referenciar este registo:
https://hdl.handle.net/1822/39195
Título: | Insider threats: the major challenge to security risk management |
Autor(es): | Pereira, Teresa Santos, Henrique |
Palavras-chave: | Information security risk Security risk management Insider risk Insider threats and insider behavior Insider threats and insider behaviour |
Data: | 2015 |
Editora: | Springer, Cham |
Revista: | Lecture Notes in Computer Science (including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
Citação: | Pereira, T., Santos, H. (2015). Insider Threats: The Major Challenge to Security Risk Management. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2015. Lecture Notes in Computer Science(), vol 9190. Springer, Cham. https://doi.org/10.1007/978-3-319-20376-8_58 |
Resumo(s): | Security risk management is by definition, a subjective and complex exercise and it takes time to perform properly. Human resources are fundamental assets for any organization, and as any other asset, they have inherent vulnerabilities that need to be handled, i.e. managed and assessed. However, the nature that characterize the human behavior and the organizational environment where they develop their work turn these task extremely difficult, hard to accomplish and prone to errors. Assuming security as a cost, organizations are usually focused on the efficiency of the security mechanisms implemented that enable them to protect against external attacks, disregarding the insider risks, which are much more difficult to assess. All these demands an interdisciplinary approach in order to combine technical solutions with psychology approaches in order to understand the organizational staff and detect any changes in their behaviors and characteristics. This paper intends to discuss some methodological challenges to evaluate the insider threats and its impacts, and integrate them in a security risk framework, that was defined according to the security standard ISO/IEC_JTC1, to support the security risk management process. |
Tipo: | Artigo em ata de conferência |
URI: | https://hdl.handle.net/1822/39195 |
ISBN: | 978-3-319-20375-1 |
e-ISBN: | 978-3-319-20376-8 |
DOI: | 10.1007/978-3-319-20376-8_58 |
ISSN: | 0302-9743 |
Versão da editora: | http://link.springer.com/chapter/10.1007/978-3-319-20376-8_58 |
Arbitragem científica: | yes |
Acesso: | Acesso restrito UMinho |
Aparece nas coleções: |
Ficheiros deste registo:
Ficheiro | Descrição | Tamanho | Formato | |
---|---|---|---|---|
2015-HAIS-InsiderThreats.pdf Acesso restrito! | 9,86 MB | Adobe PDF | Ver/Abrir |