The Insider Threat Problem: The Case of a Jamaican Government Organization
2013 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

The history of Information Security started with computer security concentrated primarily around the securing of the computer hardware and the physical environment from outside threats. In most instances, the physical hardware comprises the major component of Information Systems and therefore attracts the major efforts in terms of security. In fact, for most Information Security breaches, the hardware components can be the object of the attack where it is the entity being attacked or the subject of the attack where it is used as the active tool to perpetrate the attack. However, an important characteristic of Information Security that often gets overlooked is the role that people play in an organization’s Information Security posture. In my opinion people who are familiar with the operations of an organization such as the hardware, software and procedures and most importantly are trusted by the organization and its stakeholders pose as significant a threat as persons external to the organization. A National Security Institute (NSI) special report published in 2004 makes the important point that the internal threat poses one of the greatest risks to corporations, organizations and governments today and estimates that as much as 75 percent of security breaches can be categorized as “inside jobs”. The report also states that 70 percent of infringements of company networks occur from the inside. Even with these eye-opening statistics, less than 30 percent of expenditure on information security is directed at addressing information security threats posed by insiders (NSI, 2004). This thesis is therefore aimed to highlight the significance of threats posed by people to the Information Security posture of an organisation with special emphasis paid to people affiliated to and trusted by these organisations.
The work took the form of a case study conducted at the Electoral Office of Jamaica, one of Jamaica’s primary governmental organisations and is contextually based on the Insider Threat Security Reference Architecture (ITSRA) which proposes a multi-tiered approach to mitigating information security threats and enforcing security controls. The work highlights the fact that although most of the cases involving activities such as hacking and virus cases are more heavily highlighted and publicized, company insiders such as employees and contractors constitute as great or possibly an even greater risk to an organisation. This is because of the fact that the majority of information security incidents are not perpetrated as a result of technology failure but primarily because of human failure, negligence or greed. Using an abductive or theory oriented approach with inductively defined classifications supported by the constructs defined in the Insider Threat Security Reference Architecture (ITSRA) as the primary guide, the work demonstrated that Information Security is everyone’s responsibility and requires a culture where management not only creates the environment for proper procedures, policies and controls but where each and every employee is expected to understand and follow the security procedures set out

Place, publisher, year, edition, pages
2013. 140 p.
URN: urn:nbn:se:ltu:diva-57144
Local ID: dd596b2e-3bf8-4b8e-b0d8-a06ed81664f6
OAI: diva2:1030531
Subject / course
Student thesis, at least 30 credits
Educational program
Information Security, master's level
Validated; 20130826 (global_studentproject_submitter)
Available from: 2016-10-04. Created: 2016-10-04. Bibliographically approved.

Open Access in DiVA

fulltext (1057 kB), 0 downloads
File information
File name: FULLTEXT02.pdf; File size: 1057 kB; Checksum: SHA-512
Type: fulltext; Mimetype: application/pdf

Author/editor: Allison, Dwight
