Workarounds as Means to Identify Insider Threats to Information Systems Security

Arduin, Pierre-Emmanuel; Vieru, Dargos

Arduin, Pierre-Emmanuel; Vieru, Dargos (2017), Workarounds as Means to Identify Insider Threats to Information Systems Security, Proceedings of the Twenty-third Americas Conference on Information Systems, Boston, USA, August 10-12, Association for Information Systems

View/Open

PEA-DV-AMCIS-0041-2017-revised-final.pdf (185.9Kb)

Type

Communication / Conférence

Date

2017

Conference title

Association for Information Systems

Conference date

2017-08

Conference city

Boston

Conference country

United States

Book title

Proceedings of the Twenty-third Americas Conference on Information Systems, Boston, USA, August 10-12

Publisher

Association for Information Systems

Metadata

Show full item record

Author(s)

Arduin, Pierre-Emmanuel
Dauphine Recherches en Management [DRM]
Vieru, Dargos

Abstract (EN)

Workarounds represent deliberate actions of employees in contrast with the prescribed practices and organizations generally perceive them as unwanted processes. Workarounds may lead to information systems (IS) security policy violations, notably when prescribed practices lead employees to face obstacles in accomplishing their daily tasks. Such behavior generates new insider threats to IS security. In this article, we adopt the view that workarounds may enable the identification of new security threats. We propose a conceptual model that illustrates how workarounds generating non-malicious security violations might constitute sources of knowledge about new security threats.

Subjects / Keywords

Workarounds; Insider threat; Security policy; Non-malicious security violation

JEL

M15 - IT Management