What Is There to Worry About?

Cole, Eric; Ring, Sandra

doi:10.1016/b978-159749048-1/50002-9

Cited by 2 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bunn & Glynn (2016) make a distinction between first-degree and second-degree critical knowledge. While the former is knowledge about the organizational assets, like for instance the location or code of the company vault, the latter is knowledge about vulnerabilities (or security holes) that are related to the organizational assets, like for instance blind spots on the closed-circuit television (CCTV) that is monitoring the vault (Cole & Ring, 2006;Nurse et al, 2014;Sarkar, 2010). Similar to access, knowledge is privileged because insiders possess the knowledge while outsiders do not possess it.…”

Section: Insidersmentioning

confidence: 99%

“…Also individuals that obtain access or knowledge not via trust by the organization but through manipulating a trusted individual fall out of the scope of the insider concept. In contrast to Cole & Ring (2006) and Sarkar (2010) who consider individuals who are not trusted by the company like spouses, friends and social engineers (i.e. individuals that have no access to or knowledge about the organizational assets, but that manipulate an insider that has access/knowledge in order to reach the organizational assets) as insider threats, our definition limits the insider concept, and consequently the insider threat, to individuals that are trusted by the organization.…”

Section: Insidersmentioning

confidence: 99%

“…On the other hand, it is believed that misconduct will probably have a higher impact on the organizational assets than misbehavior. Misconduct can have a direct impact on company property by negatively affecting the confidentiality, availability or integrity of the organizational assets (Cole & Ring, 2006).…”

Section: In Comparison With the Existing Privilege-oriented Definitionsmentioning

confidence: 99%

See 2 more Smart Citations

Redefining insider threats: a distinction between insider hazards and insider threats

Reveraert

Sauer

2020

Secur J

View full text Add to dashboard Cite

This article suggests a new definition of insiders and insider threats. It refrains from applying a harmoriented perspective that concentrates on the insider's intention to cause harm because it defines the insider threat either too narrow or too broad. Instead, a privilege-oriented perspective is applied that focuses on the insider's intention to misuse his privileged access to or knowledge about the organizational assets. Because existing privilege-oriented definitions refrain from making an explicit and clear-cut division between intentional and unintentional misuse of privilege, a new conceptualization is suggested that distinguishes insider hazards from insider threats. If the insider unintentionally misuses his insider privilege, it concerns an insider hazard. If the insider intentionally misuses his insider privilege, it is regarded as an insider threat.

show abstract

Section: Insidersmentioning

confidence: 99%

Section: Insidersmentioning

confidence: 99%

Section: In Comparison With the Existing Privilege-oriented Definitionsmentioning

confidence: 99%

See 1 more Smart Citation

Redefining insider threats: a distinction between insider hazards and insider threats

Reveraert

Sauer

2020

Secur J

View full text Add to dashboard Cite

show abstract

A four-part typology to assess organizational and individual security awareness

Reveraert

Sauer

2020

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

This article provides a four-part typology of security awareness. We argue that existing awareness typologies that distinguish problem awareness from solution awareness and that separate descriptive awareness from prescriptive awareness are on its own insufficient and need to be merged to have a complete picture of security awareness. Renaming and bridging both distinctions leads to four security awareness types: (1) Cognitive awareness of the threat; (2) Attitudinal awareness of the threat; (3) Cognitive awareness of the mitigation; and (4) Attitudinal awareness of the mitigation. Each type is subsequently explained in greater detail and illustrated by referring to the 2020 worldwide outbreak of COVID-19. Furthermore, it is demonstrated that the typology is applicable to study both organizational awareness and individual awareness.

show abstract

What Is There to Worry About?

Cited by 2 publications

References 0 publications

Redefining insider threats: a distinction between insider hazards and insider threats

Redefining insider threats: a distinction between insider hazards and insider threats

A four-part typology to assess organizational and individual security awareness

Contact Info

Product

Resources

About