Abstract : Insider security breaches in organizations have been identified as a pressing problem for academics and practitioners. The literature generally addresses this problem by focusing on the compliance of human behavior to stated policy or the conformance with organizational culture. The cultural stance and resultant activities of organizational insiders are key determinants of information security. However, whilst compliance with security policies and regulations is of great importance, the very structure of human activities that facilitates or hinders such compliance have seldom appeared in the literature. In this paper we present a human activity model that captures different aspects of a security culture. The model elucidates the patterns of behavior in organizations. Applying the model before and after an insider security breach allows us to make salient, critical areas that need attention.
https://hal.inria.fr/hal-01369541 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Wednesday, September 21, 2016 - 10:51:51 AM Last modification on : Thursday, October 18, 2018 - 6:06:02 PM Long-term archiving on: : Thursday, December 22, 2016 - 1:03:22 PM
Gurpreet Dhillon, Spyridon Samonas, Ugo Etudo. Developing a Human Activity Model for Insider IS Security Breaches Using Action Design Research. 31st IFIP International Information Security and Privacy Conference (SEC), May 2016, Ghent, Belgium. pp.49-61, ⟨10.1007/978-3-319-33630-5_4⟩. ⟨hal-01369541⟩