WEIS 2009
The Risk of Risk Analysis - And its relation to the Economics of Insider Threats
- Christian W Probst, Technical University of Denmark
- Jeffrey Hunker, Carnegie Mellon University
Abstract
- Insider threats to organisational information security are widely
viewed as an important concern, but little is understood as to the
pattern of their occurrence. We outline an argument for explaining
what originally surprised us: that many practitioners report that
their organisations take basic steps to prevent insider attacks, but
do not attempt to address more serious attacks. We suggest that
an understanding of the true cost of additional policies to control
insider threats, and the dynamic nature of potential insider threats
together help explain why this observed behaviour is economically
rational. This conclusion also suggests that further work needs to
be done to understand how better to change underlying motivations
of insiders, rather than simply focus on controlling and monitoring
their behaviour.