BibTex RIS Cite

INCREASING AWARENESS OF INSIDER INFORMATION SECURITY THREATS IN HUMAN RESOURCE DEPARTMENT

Year 2012, Volume: 4 Issue: 1, 45 - 54, 01.06.2012

Abstract

An insider threat for companies is defined as a threat caused by malicious user
who is an employee company. In recent years, there are number of work on
insider threats in information security technologies. These works shows that
companies should increasingly and seriously should take into account these
threats. Human factors in companies constitute one of the weakest links in
information security technology and its products used in human resource (HR)
management departments. In the literature, insider threats are generally classified
into two main categories: 1) Intentional insider threats and 2) Unintentional
insider threats.
In this work, we address the employees working in HR departments of various
companies from different sectors. Since HR departments are one of the critical
departments for insider threats, we focus on the scenario that a malicious insider
accesses critical, important and/or personal data. In this scenario, a malicious
employee of HR department may change or misuse of the data belonging to
his/her company (product data, marketing data, strategy documents etc.) and/or
the data belonging to the other employees (e-mails, ID numbers, birth dates,
salaries, health data etc.) by intentionally or unintentionally.
By taking into account the previous works done in the literature, we prepare new
questionnaire for this work. The questionnaire is applied to HR managers and
employees of various sectors. Our aim is to increase HR managers and HR
employees awareness of insider information security threats.

References

  • Ball, Kirstie S. (2001), “The Use of Human Resource Information Systems: A Survey”, Personnel Review, Vol.30, No.6, pp.677-693.
  • Cole, Eric and Ring, Sandra (2006) Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft, Canada: Syngress Publications.
  • Deloitte Turkey, Basın Bülteni, “Kurumların bilgi güvenliğine yaklaşımı zayıflıyor”, http://www.deloitte.com, [Accessed 28.12.2011].
  • Kavanagh, Michael J. and Thite, Mohan (2008), Human Resource Information Systems: Basics, Applications and Future Directions, Sage Publications.
  • Kraemer, Sara; Carayon, Pascale (2007), Human Errors and Violations in Computer and Information Security: The Viewpoint of Network Administrators and Security Specialists, Applied Ergonomics, Vol.38, No:2, pp.143-154.
  • Loch, Karen D., Carr Houston H. and Warkentin Merrill E. (1992), “Threats to Information Systems: Today's Reality, Yesterday's Understanding”, MIS Quarterly, Vol.16, No:2, pp.173–186.
  • Richardson, Robert (2008), 2008 CSI/FBI Computer Crime & Security Survey, http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2008.pdf, [Accessed 18.03.2012] Schultz, Eugene E. and Shumway, Russell (2001), Incident Response: A Strategic Guide to Handling for System and Network Security Breaches, Indianapolis: New Riders Publications. Schultz, Eugene E., (2002) “A Framework For Understanding and Predicting Insider Attacks” Computers and Security, Vol.21, No:6, pp. 526-531.
  • Yayla, Ali (2011), Controlling Insider Threats with Information Security Politicies" ECIS 2011 Proceedings, http://is2.lse.ac.uk/asp/aspecis/20110246.pdf, [Accessed 27.03.2012].
  • Cyber Security Watch Survey, magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, January 2011.
Year 2012, Volume: 4 Issue: 1, 45 - 54, 01.06.2012

Abstract

References

  • Ball, Kirstie S. (2001), “The Use of Human Resource Information Systems: A Survey”, Personnel Review, Vol.30, No.6, pp.677-693.
  • Cole, Eric and Ring, Sandra (2006) Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft, Canada: Syngress Publications.
  • Deloitte Turkey, Basın Bülteni, “Kurumların bilgi güvenliğine yaklaşımı zayıflıyor”, http://www.deloitte.com, [Accessed 28.12.2011].
  • Kavanagh, Michael J. and Thite, Mohan (2008), Human Resource Information Systems: Basics, Applications and Future Directions, Sage Publications.
  • Kraemer, Sara; Carayon, Pascale (2007), Human Errors and Violations in Computer and Information Security: The Viewpoint of Network Administrators and Security Specialists, Applied Ergonomics, Vol.38, No:2, pp.143-154.
  • Loch, Karen D., Carr Houston H. and Warkentin Merrill E. (1992), “Threats to Information Systems: Today's Reality, Yesterday's Understanding”, MIS Quarterly, Vol.16, No:2, pp.173–186.
  • Richardson, Robert (2008), 2008 CSI/FBI Computer Crime & Security Survey, http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2008.pdf, [Accessed 18.03.2012] Schultz, Eugene E. and Shumway, Russell (2001), Incident Response: A Strategic Guide to Handling for System and Network Security Breaches, Indianapolis: New Riders Publications. Schultz, Eugene E., (2002) “A Framework For Understanding and Predicting Insider Attacks” Computers and Security, Vol.21, No:6, pp. 526-531.
  • Yayla, Ali (2011), Controlling Insider Threats with Information Security Politicies" ECIS 2011 Proceedings, http://is2.lse.ac.uk/asp/aspecis/20110246.pdf, [Accessed 27.03.2012].
  • Cyber Security Watch Survey, magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, January 2011.
There are 9 citations in total.

Details

Other ID JA49TN35VK
Journal Section Articles
Authors

Burcin Cetin Karabat

Cagatay Karabat This is me

Publication Date June 1, 2012
Published in Issue Year 2012 Volume: 4 Issue: 1

Cite

APA Cetin Karabat, B., & Karabat, C. (2012). INCREASING AWARENESS OF INSIDER INFORMATION SECURITY THREATS IN HUMAN RESOURCE DEPARTMENT. International Journal of Business and Management Studies, 4(1), 45-54.
AMA Cetin Karabat B, Karabat C. INCREASING AWARENESS OF INSIDER INFORMATION SECURITY THREATS IN HUMAN RESOURCE DEPARTMENT. IJBMS. June 2012;4(1):45-54.
Chicago Cetin Karabat, Burcin, and Cagatay Karabat. “INCREASING AWARENESS OF INSIDER INFORMATION SECURITY THREATS IN HUMAN RESOURCE DEPARTMENT”. International Journal of Business and Management Studies 4, no. 1 (June 2012): 45-54.
EndNote Cetin Karabat B, Karabat C (June 1, 2012) INCREASING AWARENESS OF INSIDER INFORMATION SECURITY THREATS IN HUMAN RESOURCE DEPARTMENT. International Journal of Business and Management Studies 4 1 45–54.
IEEE B. Cetin Karabat and C. Karabat, “INCREASING AWARENESS OF INSIDER INFORMATION SECURITY THREATS IN HUMAN RESOURCE DEPARTMENT”, IJBMS, vol. 4, no. 1, pp. 45–54, 2012.
ISNAD Cetin Karabat, Burcin - Karabat, Cagatay. “INCREASING AWARENESS OF INSIDER INFORMATION SECURITY THREATS IN HUMAN RESOURCE DEPARTMENT”. International Journal of Business and Management Studies 4/1 (June 2012), 45-54.
JAMA Cetin Karabat B, Karabat C. INCREASING AWARENESS OF INSIDER INFORMATION SECURITY THREATS IN HUMAN RESOURCE DEPARTMENT. IJBMS. 2012;4:45–54.
MLA Cetin Karabat, Burcin and Cagatay Karabat. “INCREASING AWARENESS OF INSIDER INFORMATION SECURITY THREATS IN HUMAN RESOURCE DEPARTMENT”. International Journal of Business and Management Studies, vol. 4, no. 1, 2012, pp. 45-54.
Vancouver Cetin Karabat B, Karabat C. INCREASING AWARENESS OF INSIDER INFORMATION SECURITY THREATS IN HUMAN RESOURCE DEPARTMENT. IJBMS. 2012;4(1):45-54.