UPSI Digital Repository (UDRep)
Start | FAQ | About
Menu Icon
QR Code Link :

Type :Thesis
Subject :HD Industries. Land use. Labor
Main Author :Rahimah Mohamad Zuwita@Abu Bakar
Title :The development of insider threat prevention framework within organization
Hits :39
Place of Production :Tanjong Malim
Publisher :Fakulti Komputeran dan META-Teknologi
Year of Publication :2023
Corporate Name :Perpustakaan Tuanku Bainun
PDF Guest :Click to view PDF file
PDF Full Text :You have no permission to view this item.

Abstract : Perpustakaan Tuanku Bainun
Issues related to insider threat in organization have been actively debated over the years. Despite the probability, they have a higher rate of success, can go undetected, and therefore pose a much greater risk than external adversaries. Due to those circumstances, a protective and preventive measure becomes a pitch demand to prevent any harm caused by malicious insiders. A framework has been developed based on a survey conducted. There are five objectives posed in this research; (1) To identify factors that trigger/motivate insiders to attack an organization’s data (2) To determine the relationship between security behaviours and the appraisal process in Protection Motivation Theory (3) To determine the degrees of relevance of these identified reflective factors to Protection Motivation Theory (4) To develop a framework based on the result synthesized from data analysis (5) To verify the applicability of the proposed framework through expert judgement. The research adopted a quantitative research approach that utilizes surveys to gather data from approximately 250 respondents. Structural Equation Modeling (SEM) analysis was employed for data analysis. The results strongly supported all hypotheses, recording the p-values ranging from 0 to 1. Furthermore, the findings underscore the significance of organizational factors in preventing insider threats within an organization. This insight is particularly valuable for academics who aim to develop theories and gather empirical evidence related to behavioral information security, especially considering the potential applicability of these findings in various organizational settings. As far as the amount of standardized path weights is concerned, reaction efficacy is by far the most important factor influencing insiders' desire to defend their companies from information security risks.

References

Aarthi, D., & Indira, N. (2016). Enabling efficient and protected sharing of data in cloud computing. 2016 International Conference on Information Communication and Embedded Systems (ICICES), 1–5. https://doi.org/10.1109/ICICES.2016.7518876 

 

Abdi, H., Edelman, B., Valentin, D., & Dowling, W.J. (2009). Experimental design and analysis for Psychology. Oxford: Oxford University Press. 

 

Abidin, Z. Z., Abas, Z. A., Zakaria, N. A., Hashim, N. A., Mardaid, E., Ahmad, R., & Puvanasvaran, A. P. (2019). Conceptual Model of Risk Assessment for Insider Threats Detection. 2019 1st International Conference on Electrical, Control and Instrumentation Engineering (ICECIE), 1–6. https://doi.org/10.1109/ICECIE47765.2019.8974723 

 

Adams, L. L. M., & Gale, D. (1982). "Solving the quandary between questionnaire length and response rate in educational research," Research in Higher Education (17:3), pp 231-240. 

 

AeranAnkur, “Comprehensive overview of INSIDER THREATS and their controls”,2006.www.cccure.org/Documents./InsiderThreatsReport.pdf 

 

Agrafiotis, I., Nurse, J. R., Buckley, O., Legg, P., Creese, S., & Goldsmith, M. (2015). Identifying attack patterns for insider threat detection. Computer Fraud & Security, 2015(7), 9–17. https://doi.org/10.1016/S1361-3723(15)30066-X 

 

Ahmadian, M., Plochan, F., Roessler, Z., & Marinescu, D. C. (2017). SecureNoSQL: An approach for secure search of encrypted NoSQL databases in the public cloud. International Journal of Information Management, 37(2), 63–74. https://doi.org/10.1016/j.ijinfomgt.2016.11.005 

 

Albrechtsen, E., & Hovden, J. (2009). The information security digital divide between information security managers and users. Computers and Security, 28, 6 (2009), 476–490. 

 

Ali, M., Dhamotharan, R., Khan, E., Khan, S. U., Vasilakos, A. V., Li, K., & Zomaya, A. Y. (2017). SeDaSC: Secure Data Sharing in Clouds. IEEE Systems Journal, 11(2), 395–404. https://doi.org/10.1109/JSYST.2014.2379646 

 

AlKilani, H., Nasereddin, M., Hadi, A., & Tedmori, S. (2019). Data Exfiltration Techniques and Data Loss Prevention System. 2019 International Arab Conference on Information Technology (ACIT), 124–127. https://doi.org/10.1109/ACIT47987.2019.8991131 

 

Allen, M. D., Chapman, A., Seligman, L., & Blaustein, B. (2011). Provenance for Collaboration: Detecting Suspicious Behaviors and Assessing Trust in Information. Proceedings of the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing. 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing, Orlando, United States. https://doi.org/10.4108/icst.collaboratecom.2011.247131 

 

Althebyan, Q., Mohawesh, R., Yaseen, Q., & Jararweh, Y. (2015). Mitigating insider threats in a cloud using a knowledgebase approach while maintaining data availability. 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), 226–231. https://doi.org/10.1109/ICITST.2015.7412094 

 

Althebyan, Q., & Panda, B. (2007). A Knowledge-Base Model for Insider Threat Prediction. 2007 IEEE SMC Information Assurance and Security Workshop, 239–246. https://doi.org/10.1109/IAW.2007.381939 

 

Al-Mhiqani, M. N., Ahmad, R., Zainal Abidin, Z., Yassin, W., Hassan, A., Abdulkareem,  K. H., Ali, N. S., & Yunos, Z. (2020). A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations. Applied Sciences, 10(15), 5208. https://doi.org/10.3390/app10155208 

 

Al-Omari, A., Deokar, A., El-Gayar, O., Walters, J., & Aleassa, H. (2013). Information Security Policy Compliance: An Empirical Study of Ethical Ideology. 2013 46th Hawaii International Conference on System Sciences, 3018–3027. https://doi.org/10.1109/HICSS.2013.272 

 

Ambre, A., & Shekokar, N. (2015). Insider Threat Detection Using Log Analysis and Event Correlation. Procedia Computer Science, 45, 436–445. https://doi.org/10.1016/j.procs.2015.03.175 

 

Ashwin Kumar, T. K., Liu, H., Thomas, J. P., & Hou, X. (2017). Content sensitivity based access control framework for Hadoop. Digital Communications and Networks, 3(4), 213–225. https://doi.org/10.1016/j.dcan.2017.07.007 

 

Atkinson, P., & Hammersley, M. (1994). "Ethnographyand participant observation," Handbook of qualitative research. Thou-sand Oaks, CA: Sage. 

 

Axelrad, E. T., Sticha, P. J., Brdiczka, O., & Jianqiang Shen. (2013). A Bayesian Network Model for Predicting Insider Threats. 2013 IEEE Security and Privacy Workshops, 82–89. https://doi.org/10.1109/SPW.2013.35 

 

Ayday, E., & Fekri, F. (2010). A protocol for data availability in Mobile Ad-Hoc Networks in the presence of insider attacks. Ad Hoc Networks, 8(2), 181–192. https://doi.org/10.1016/j.adhoc.2009.07.001 

 

Ajzen, I. (1988). Attitudes, personality, and behavior. Chicago: Dorsey Press. 

 

Ajzen, I., IQ Driver, B. E. (in press, a). Application of the theory of planned behavior to leisure choice. Journal of Leisure Research. 

 

Ajzen, I., & Driver, B. L. (in press, b.) Prediction of leisure participation from behavioral, normative, and control beliefs: An application of the theory of planned behavior. Journal of Leisure Sciences. 

 

Ajzen, I. (1991). The Theory of Planned Behavior. Organizational Behavior and Human Decision Processes 50, 179-211 (1991) 

 

Azaria, A., Richardson, A., Kraus, S., & Subrahmanian, V. S. (2014). Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data. IEEE Transactions on Computational Social Systems, 1(2), 135–155. https://doi.org/10.1109/TCSS.2014.2377811 

 

Bandura, A. (1982). Self-efficacy mechanism in human agency. American Psychologist, 37(2), 122–147. https://doi.org/10.1037/0003-066X.37.2.122 

 

Babin, B.J. and Boles, J.S. (1996), “The effects of perceived co-worker involvement and supervisor support on service provider role stress, performance, and job satisfaction”, Journal of Retailing, Vol. 72 No. 1, pp. 57-75. 

 

Babu, B. M., & Bhanu, M. S. (2015). Prevention of Insider Attacks by Integrating Behavior Analysis with Risk based Access Control Model to Protect Cloud. Procedia Computer Science, 54, 157–166. https://doi.org/10.1016/j.procs.2015.06.018 

 

Bachman, R., Paternoster, R., & Ward, S. (1992). The rationality of sexual offending: Testing a deterrence/rational choice conception of sexual assault. Law and Society Review, 26, 343-372. 

 

Bae, K., You, I., Yim, K., & Son, T. (2012). A Secure Secondary Backup Storage with an Isolated Authentication. 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, 122–125. https://doi.org/10.1109/IMIS.2012.195 

 

Bagozzi, R. P., Yi, Y., & Phillips, L. W. (1991). "Assessing construct validity in organizational research," Administrative science quarterly (36:3), pp 421-458. 

 

BaMaung, D., McIlhatton, D., MacDonald, M., & Beattie, R. (2018). The Enemy Within? The Connection between Insider Threat and Terrorism. Studies in Conflict & Terrorism, 41(2), 133–150. https://doi.org/10.1080/1057610X.2016.1249776 

 

Baugh, S.G. and Roberts, R.M. (1994), “Professional and organizational commitment among engineer: conflicting or complementary?”, IEEE Transactions on Engineering Management, Vol. 41 No. 2, pp. 108-14. 

 

Beharelle, A. R., & Small, S. L. (2016). Imaging Brain Networks for Language. In Neurobiology of Language (pp. 805–814). Elsevier. https://doi.org/10.1016/B978-0-12-407794-2.00064-XBhattacherjee, A. (2012). "Social Science Research: principles, methods, and practices," USF Tampa Bay Open Access Textbooks Collection. Book 3. http://scholarcommons.usf.edu/oa_textbooks/3. 

 

Bhagat, R. S. and Beehr, T. A. (1984). ‘An evaluative summary and recommendations for future research’. In: Beehr, T. A. and Bhagat, R. S. (Eds) Human Stress and Cognition in Organizations: An Integrated Perspective, John Wiley Interscience, New York. 

 

Bishop, M., Conboy, H. M., Huong Phan, Simidchieva, B. I., Avrunin, G. S., Clarke, L. A., Osterweil, L. J., & Peisert, S. (2014). Insider Threat Identification by Process Analysis. 2014 IEEE Security and Privacy Workshops, 251–264. https://doi.org/10.1109/SPW.2014.40 

 

Bishop, M., Gates, C., Frincke, D., & Greitzer, F. L. (2009). AZALIA: An A to Z assessment of the likelihood of insider attack. 2009 IEEE Conference on Technologies for Homeland Security, 385–392. https://doi.org/10.1109/THS.2009.5168063 

 

Blasco, J., Hernandez-Castro, J. C., Tapiador, J. E., & Ribagorda, A. (2012). Bypassing information leakage protection with trusted applications. Computers & Security, 31(4), 557–568. https://doi.org/10.1016/j.cose.2012.01.008 

 

Block, L. G. & Keller, P. A. (1995). When to accentuate the negative: The effects of perceived efficacy and message framing on intentions to perform a health-related behavior. Journal of Marketing Research, 32, 2 (1995), 192-203. 

 

Bockarjova, M., & Steg, L. (2014). Can Protection Motivation Theory predict pro-environmental behavior? Explaining the adoption of electric vehicles in the Netherlands. Global Environmental Change, 28, 276–288. https://doi.org/10.1016/j.gloenvcha.2014.06.010 

 

Brodsky, A., Farkas, C., & Jajodia, S. (2000). Secure databases: Constraints, inference channels, and monitoring disclosures. IEEE Transactions on Knowledge and Data Engineering, 12(6), 900–919. https://doi.org/10.1109/69.895801 

 

Brehmer, B. (1987). Note of the subjects' hypotheses in multiple-cue probability learning. organizational Behaviour and Human Decision processes, 40, 323-329 

 

Brown, C. R., Watkins, A., & Greitzer, F. L. (2013). Predicting Insider Threat Risks through Linguistic Analysis of Electronic Communication. 2013 46th Hawaii International Conference on System Sciences, 1849–1858. https://doi.org/10.1109/HICSS.2013.453 

 

Burdon, M., Siganto, J., & Coles-Kemp, L. (2016). The regulatory challenges of Australian information security practice. Computer Law & Security Review, 32(4), 623–633. https://doi.org/10.1016/j.clsr.2016.05.004 

 

Burns, A. J., Posey, C., Roberts, T. L., & Benjamin Lowry, P. (2017). Examining the relationship of organizational insiders’ psychological capital with information security threat and coping appraisals. Computers in Human Behavior, 68, 190–209. https://doi.org/10.1016/j.chb.2016.11.018 

 

Brunswik, E. (1943). Organismic achievement and environmental probability. Psychological Review, 50, 255-272 

 

Brunswik, E. (1956). Perception and the representative design of psychological experiments. Berkeley, Calif, : University of California Press 

 

Bryman, A., & Bell, E. (2011). Business Research Methods 3e, Oxford university press. 

 

Bryman, A., & Cramer, D. (2009). Quantitative data analysis with SPSS 14, 15 and 16: A guide for social scientists, Routledge New York, NY. 

 

Carroll, M. D. (2006). Information security: Examining and managing the insider threat. Proceedings of the 3rd Annual Conference on Information Security Curriculum Development  - InfoSecCD ’06, 156. https://doi.org/10.1145/1231047.1231082 

 

Cattell, R. (2012). The scientific use of factor analysis in behavioral and life sciences, Springer Science & Business Media 

 

Cavana, R. Y., Delahaye, B. L., & Sekaran, U. (2001). Applied Business Research: Qualitative and Quantitative Methods (1st ed.). US & Australia: John Wiley & Sons Australia, Ltd 

 

Chagarlamudi, M., Panda, B., & Hu, Y. (2009). Insider Threat in Database Systems: Preventing Malicious Users’ Activities in Databases. 2009 Sixth International Conference on Information Technology: New Generations, 1616–1620. https://doi.org/10.1109/ITNG.2009.67 

 

Chandel, S., Yu, S., Yitian, T., Zhili, Z., & Yusheng, H. (2019). Endpoint Protection: Measuring the Effectiveness of Remediation Technologies and Methodologies for Insider Threat. 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 81–89. https://doi.org/10.1109/CyberC.2019.00023 

 

Charmaz, K. (2000). Grounded theory: Objectivist and constructivist methods. In N. K. Denzin & Y. S. Lincoln (Eds.), Handbook of qualitative research (2nd ed., pp. 509-536). Thousand Oaks, CA: Sage. 

 

Chattopadhyay, P., Wang, L., & Tan, Y.-P. (2018). Scenario-Based Insider Threat Detection From Cyber Activities. IEEE Transactions on Computational Social Systems, 5(3), 660–675. https://doi.org/10.1109/TCSS.2018.2857473 

 

Chen, Y., Nyemba, S., Zhang, W., & Malin, B. (2011). Leveraging social networks to detect anomalous insider actions in collaborative environments. Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics, 119–124. https://doi.org/10.1109/ISI.2011.5984061 

 

Choi, J.N. (2007). Change oriented organizational citizenship behavior: Effects of work environment  characteristics and intervening psychological processes. Journal of Organizational Behavior, 28, 4 (2007), 467–484. 

 

Chung, S. H., Schwager, P. H., & Turner, D. E. (2002) "An Empirical Study of Students' Computer Self-Efficacy: Differences among Four Academic Disciplines at a Large University," The Journal of Computer Information Systems (42:4) 2002, pp. 1-6. 

 

hurchill Jr, G. A. (1979). "A paradigm for developing better measures of marketing constructs," Journal of Marketing Research (16:1), pp 64-73. 

 

C. I. T. Team, “Unintentional insider threats: A review of phishing and malware incidents by economic sector,” https://resources.sei.cmu.edu/asset_files/TechnicalNote/2014_004_001_297777.pdf, 2014, (Accessed on 11/06/2017) 

 

Ciriani, V., Vimercati, S. D. C. di, Foresti, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2009). Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases. 2009 29th IEEE International Conference on Distributed Computing Systems, 32–39. https://doi.org/10.1109/ICDCS.2009.52 

 

Ciriani, V., Vimercati, S. D. C. D., Foresti, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2010). Combining fragmentation and encryption to protect privacy in data storage. ACM Transactions on Information and System Security, 13(3), 1–33. https://doi.org/10.1145/1805974.1805978 

 

Claycomb, W. R., Huth, C. L., Phillips, B., Flynn, L., & McIntire, D. (2013). Identifying indicators of insider threats: Insider IT sabotage. 2013 47th International Carnahan Conference on Security Technology (ICCST), 1–5. https://doi.org/10.1109/CCST.2013.6922038 

 

Cohen, J. 1960. A coeffisient for agreement for nominal scales. Educational dan Psychological Measurement, 37-46. 

 

Compeau, D., Higgins, C. A., & Huff, S. (1999). "Social Cognitive Theory and Individual Reactions to Computing Technology: A Longitudinal Study," MIS Quarterly (23:2) 1999, pp. 145-158. 

 

Compeau, D. R., & Higgins, C. A. (1995). "Application of Social Cognitive Theory to Training for Computer Skills," Information Systems Research (6:2) 1995, pp. 118-143. 

 

Cost of Insider Threats Global Report, Observer IT. 2020. Available online: https://www.observeit.com/costof-insider-threats (accessed on 25 June 2020 

 

Creswell, J. W. (2009). Research design: Qualitative, quantitative, and mixed methods approaches, Sage. 

 

Cronbach, L. J., & Meehl, P. E. (1955). "Construct validity in psychological tests," Psychological bulletin (52:4), p 281. 

 

Crossler, R., & Bélanger, F. (2014). An Extended Perspective on Individual Security Behaviors: Protection Motivation Theory and a Unified Security Practices (USP) Instrument. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 45(4), 51–71. https://doi.org/10.1145/2691517.2691521 

 

Daly, A. (2018). The introduction of data breach notification legislation in Australia: A comparative view. Computer Law & Security Review, 34(3), 477–495. https://doi.org/10.1016/j.clsr.2018.01.005 

 

Damm, W. & Harel, D. (2001). LSCs: Breathing life into message sequence charts. J. on Formal Methods in System Design, 19(1):45–80, 2001. 

 

De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Livraga, G., Paraboschi, S., & Samarati, P. (2014). Fragmentation in Presence of Data Dependencies. IEEE Transactions on Dependable and Secure Computing, 11(6), 510–523. https://doi.org/10.1109/TDSC.2013.2295798 

 

Devellis, R. F. (2003). Scale Development: Theory and Applications Second Edition SAGE. 

 

Di Vimercati, S. D. C., Foresti, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2008). Controlled Information Sharing in Collaborative Distributed Query Processing. 2008 The 28th International Conference on Distributed Computing Systems, 303–310. https://doi.org/10.1109/ICDCS.2008.62 

 

Dey, I. (1999).Grounding grounded theory: Guidelines for qualitative inquiry. San Diego, CA: Academic Press. 

 

Dia, O. A., & Farkas, C. (2015). Risk Aware Query Replacement Approach for Secure Databases Performance Management. IEEE Transactions on Dependable and Secure Computing, 12(2), 217–229. https://doi.org/10.1109/TDSC.2014.2306675 

 

Diamantopoulos, A., & Winklhofer, H. M. (2001). "Index construction with formative indicators: An alternative to scale development," Journal of marketing research (38:2), pp 269-277. 

 

Dietzel, S., Petit, J., Heijenk, G., & Kargl, F. (2013). Graph-Based Metrics for Insider Attack Detection in VANET Multihop Data Dissemination Protocols. IEEE Transactions on Vehicular Technology, 62(4), 1505–1518. https://doi.org/10.1109/TVT.2012.2236117 

 

Domingo-Ferrer, J., Farràs, O., Ribes-González, J., & Sánchez, D. (2019). Privacy-preserving cloud computing on sensitive data: A survey of methods, products and challenges. Computer Communications, 140–141, 38–60. https://doi.org/10.1016/j.comcom.2019.04.011 

 

Dou, Z., Khalil, I., Khreishah, A., & Al-Fuqaha, A. (2018). Robust Insider Attacks Countermeasure for Hadoop: Design and Implementation. IEEE Systems Journal, 12(2), 1874–1885. https://doi.org/10.1109/JSYST.2017.2669908 

 

Dunkerley, K. D., & Tejay, G. (2011). A Confirmatory Analysis of Information Systems Security Success Factors. 2011 44th Hawaii International Conference on System Sciences, 1–10. https://doi.org/10.1109/HICSS.2011.5 

 

Dommeyer, C.J., P., Baum, K. Chapman, and R.W. Hanna, 2002. Attitudes of business faculty towards two methods of collecting teaching evaluations: paper vs. online. Assessment and Evaluation in Higher Education 27, no. 5: 455–462 

 

Downs, C.W., Downs, A., Potvin, T., Varona, F., Gribas, J.S. and Ticehurst, W. (1995),“A cross-cultural comparison of relationships between organizational commitment and organizational communication”, paper presented at the International Communication Association Convention, Albuquerque, New Mexico, May. 

 

Eassey, J. M., & Boman, J. H. (2015). Deterrence Theory. In W. G. Jennings (Ed.), The Encyclopedia of Crime and Punishment (pp. 1–6). John Wiley & Sons, Inc. https://doi.org/10.1002/9781118519639.wbecpx115 

 

Elmrabit, N., Yang, S.-H., & Yang, L. (2015). Insider threats in information security categories and approaches. 2015 21st International Conference on Automation and Computing (ICAC), 1–6. https://doi.org/10.1109/IConAC.2015.7313979 

 

Far, S. B., & Alagheband, M. R. (2018). Analysis and Improvement of a Lightweight Anonymous Authentication Protocol for Mobile Pay-TV Systems. 2018 9th International Symposium on Telecommunications (IST), 466–473. https://doi.org/10.1109/ISTEL.2018.8661064 

 

Farkas, C., Brodsky, A., & Jajodia, S. (2006). Unauthorized inferences in semistructured databases. Information Sciences, 176(22), 3269–3299. https://doi.org/10.1016/j.ins.2006.01.004 

 

Fleiss, J. L. (1971) "Measuring nominal scale agreement among many raters." Psychological Bulletin, Vol. 76, No. 5 pp. 378–382 

 

Fleiss, J. L. (1981) Statistical methods for rates and proportions. 2nd ed. (New York: John Wiley) pp. 38–46 

 

Floyd, D. L., Prentice-Dunn, S., & Rogers, R. W. (2000). A Meta-Analysis of Research on Protection Motivation Theory. Journal of Applied Social Psychology, 30(2), 407–429. https://doi.org/10.1111/j.1559-1816.2000.tb02323.x 

 

Flynn, L., Huth, C., Trzeciak, R., & Buttles, P. (2012). Best practices against insider threats for all nations. 2012 Third Worldwide Cybersecurity Summit (WCS), 1–8. https://doi.org/10.1109/WCS.2012.6780874 

 

Folkman, S., Lazarus, R. S., Dunkel-Schetter, C., DeLongis, A., & Gruen, R. J. (1986). Dynamics of a stressful encounter: Cognitive appraisal, coping, and encounter outcomes. Journal of Personality and Social Psychology, 50(5), 992-1003 

 

Fornell, C., & Larcker, D. F. (1981). "Evaluating structural equation models with unobservable variables and measurement error," Journal of marketing research, pp 39-50. 

 

Fralicx, R.D. and Bolster, C.J. (1997), ``Commentary preventing culture shock: organizations' harmonious blend of values, styles is key to long-term merger success'',Modern Healthcare, pp. 48-59. 

 

Frank, J. C., Frank, S. M., Thurlow, L. A., Kroeger, T. M., Miller, E. L., & Long, D. D. E. (2015). Percival: A searchable secret-split datastore. 2015 31st Symposium on Mass Storage Systems and Technologies (MSST), 1–12. https://doi.org/10.1109/MSST.2015.7208296 

 

Franqueira, V. N. L., Cleeff, A. van, Eck, P. van, & Wieringa, R. (2010). External Insider Threat: A Real Security Challenge in Enterprise Value Webs. 2010 International Conference on Availability, Reliability and Security, 446–453. https://doi.org/10.1109/ARES.2010.40 

 

Fridman, L., Weber, S., Greenstadt, R., & Kam, M. (2017). Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location. IEEE Systems Journal, 11(2), 513–521. https://doi.org/10.1109/JSYST.2015.2472579 

 

Froehle, C. M., & Roth, A. V. (2004). "New measurement scales for evaluating perceptions of the technology-mediated customer service experience," Journal of Operations Management (22:1), pp 1-21. 

 

Fyffe, G. (2008). Addressing the insider threat. Network Security, 2008(3), 11–14. https://doi.org/10.1016/S1353-4858(08)70031-X 

 

Gable, G. G. (1994). "Integrating case study and survey research methods: an example in information systems," European Journal of Information Systems (3:2), pp 112-126. 

 

Garfinkel, R., Gopal, R., & Rice, D. (2006). New Approaches to Disclosure Limitation While Answering Queries to a Database: Protecting Numerical Confidential Data against Insider Threat Based on Data or Algorithms. Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS’06), 125a–125a. https://doi.org/10.1109/HICSS.2006.359 

 

Garfinkel, Robert, Gopal, R., & Goes, P. (2002). Privacy Protection of Binary Confidential Data Against Deterministic, Stochastic, and Insider Threat. Management Science, 48(6), 749–764. https://doi.org/10.1287/mnsc.48.6.749.193 

 

Garner, B. A. Black’s Law Dictionary, Seventh Edition. St. Paul, MN: West Group, 1999 

 

Gaseb, A., Nathan, C., Fudong, L., & Furnell, S. (2018). The Current Situation of Insider Threats Detection: An Investigative Review. 2018 21st Saudi Computer Society National Computer Conference (NCC), 1–7. https://doi.org/10.1109/NCG.2018.8592986 

 

Glaser, B. G., & Strauss, A. L. (1967).Discovery of grounded theory: Strategies for qualitative research. Chicago: Aldine. 

 

Glasser, J., & Lindauer, B. (2013). Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data. 2013 IEEE Security and Privacy Workshops, 98–104. https://doi.org/10.1109/SPW.2013.37 

 

Goodman.S.N. (1993). P Values, Hypothesis Tests, and Likelihood: Implications for Epidemiology of a Neglected Historical Debate. American Journal of Epidemiology. Volume (137), Number 5. 

 

Goryczka, S., Xiong, L., & Fung, B. C. M. (2014). \(m\) -Privacy for Collaborative Data Publishing. IEEE Transactions on Knowledge and Data Engineering, 26(10), 2520–2533. https://doi.org/10.1109/TKDE.2013.18 

 

Graen, G. Instrumentality Theory of work motivation: Some experimental results and suggested modifications. Journal of Applied Psychology Monograph, 1969, 53, 1-25. 

 

Green D.M., Swets, J.A. (1966). Signal detection theory and psychophysics. New York Wiley. 

 

Greitzer, F. L., & Ferryman, T. A. (2013). Methods and Metrics for Evaluating Analytic Insider Threat Tools. 2013 IEEE Security and Privacy Workshops, 90–97. https://doi.org/10.1109/SPW.2013.34 

 

Greitzer, F. L., Strozer, J., Cohen, S., Bergey, J., Cowley, J., Moore, A., & Mundie, D. (2014). Unintentional Insider Threat: Contributing Factors, Observables, and Mitigation Strategies. 2014 47th Hawaii International Conference on System Sciences, 2025–2034. https://doi.org/10.1109/HICSS.2014.256 

 

Guo, H., Li, Y., Liu, A., & Jajodia, S. (2006). A fragile watermarking scheme for detecting malicious modifications of database relations. Information Sciences, 176(10), 1350–1378. https://doi.org/10.1016/j.ins.2005.06.003 

 

Gupta, R., Tanwar, S., Tyagi, S., & Kumar, N. (2020). Machine Learning Models for Secure Data Analytics: A taxonomy and threat model. Computer Communications, 153, 406–440. https://doi.org/10.1016/j.comcom.2020.02.008 

 

Guri, M., Puzis, R., Choo, K.-K. R., Rubinshtein, S., Kedma, G., & Elovici, Y. (2019). Using malware for the greater good: Mitigating data leakage. Journal of Network and Computer Applications, 145, 10240https://doi.org/10.1016/j.jnca.2019.07.006 

  

Grasmick, H. G., & Bursik, R. J. (1990). Conscience, significant others, and rational choice:Extending the deterrence model. Law & Society Review, 24, 837-861. 

 

Grasmick, H. G., Bursik, R. J., & Kinsey, K. A. (1991). Shame and embarrassment as deterrents to noncompliance with the law: The case of an antilittering campaign. Environment & Behavior, 23, 233-251. 

 

Grasmick, H. G., Tittle, C. R., Bursik, R. J., & Arneklev, B. J. (1993). Testing the core empirical implications of Gottfredson and Hirschi's general theory of crime. Journal of Research in Crime and Delinquency, 30, 5-29. 

 

Hammond, K. R. & Joyce, C. R. B. (Eds.). (1975). Psychoactive drugs and social judgment. New York: Wiley Interscience. 

 

Harel, D. & Marelly, R. (2003). Come, Let’s Play: Scenario-Based Programming Using LSCs and the Play-Engine. Springer, 2003. 

 

Hass, J. Bagley,G. & Rogers R. (1975). Coping with the energy crisis: effects of fear appeals upon  attitudes toward energy consumption, The Journal of Applied Psychology 60 (1975) 754–756. 

 

Heneman H. G., & Schwab, D. P. Evaluation of research on expectancy theory prediction of employee performance. Psychological Bulletin, 1972, 78, 1-9. 

 

Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of InformatioSystems, 18(2), 106–125. https://doi.org/10.1057/ejis.2009.6 

 

Higgins, G. E. , Wilson,  A. L., & Fell, B. D. (2005). An Application of Deterrence Theory to Software Piracy Journal of Criminal Justice and Popular Culture, 12 (3), 166-184. 

 

Hines, C., & Youssef, A. (2019). Class Balancing for Fraud Detection in Point Of Sale Systems. 2019 IEEE International Conference on Big Data (Big Data), 4730–4739. https://doi.org/10.1109/BigData47090.2019.9006040 

 

Hinkin, T. R., & Schriesheim, C. A. (1989). "Development and application of new scales to measure the French and Raven (1959) bases of social power," Journal of Applied Psychology (74:4), p 561. 

 

Ho, S. M., Hancock, J. T., Booth, C., Burmester, M., Liu, X., & Timmarajus, S. S. (2016). Demystifying Insider Threat: Language-Action Cues in Group Dynamics. 2016 49th Hawaii International Conference on System Sciences (HICSS), 2729–2738. https://doi.org/10.1109/HICSS.2016.343 

 

Homoliak, I., Toffalini, F., Guarnizo, J., Elovici, Y., & Ochoa, M. (2019). Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures. ACM Computing Surveys, 52(2), 1–40. https://doi.org/10.1145/3303771 

 

Honeycutt, E.D., Karade, K., Attia, A. and Maurer, S.D. (2001), “A utility based framework for evaluating the financial impact of sales force training programs”, Journal of Personal Selling & Sales Management, Vol. 21, pp. 229-38. 

 

Hsieh, C.-H., Lai, C.-M., Mao, C.-H., Kao, T.-C., & Lee, K.-C. (2015). AD2: Anomaly detection on active directory log data for insider threat monitoring. 2015 International Carnahan Conference on Security Technology (ICCST), 287–292. https://doi.org/10.1109/CCST.2015.7389698 

 

Hu, Y., Frank, C., Walden, J., Crawford, E., & Kasturiratna, D. (2011). Profiling file repository access patterns for identifying data exfiltration activities. 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), 122–128. https://doi.org/10.1109/CICYBS.2011.5949404 

 

Huang, X., Madoc, A. C., Sharma, D., & Farooq, N. (2007). Pseudo Random Binary Protecting On-line Data Communications against Insider Threat. The 9th International Conference on Advanced Communication Technology, 1347–1352. https://doi.org/10.1109/ICACT.2007.358607 

 

Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. Information Security Technical Report, 13(4), 247–255. https://doi.org/10.1016/j.istr.2008.10.010 

 

Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83–95. https://doi.org/10.1016/j.cose.2011.10.007 

 

Ismail, W. B. W., & Yusof, M. (2018). Mitigation Strategies for Unintentional Insider Threats on Information Leaks. International Journal of Security and Its Applications, 12(1), 37–46. https://doi.org/10.14257/ijsia.2018.12.1.03 

 

Janmaimool, P. (2017). Application of Protection Motivation Theory to Investigate Sustainable Waste Management Behaviors. Sustainability, 9(7), 1079. https://doi.org/10.3390/su9071079 

 

Jiang, J., Chen, J., Choo, K.-K. R., Liu, K., Liu, C., Yu, M., & Mohapatra, P. (2018). Prediction and Detection of Malicious Insiders’ Motivation Based on Sentiment Profile on Webpages and Emails. MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), 1–6. https://doi.org/10.1109/MILCOM.2018.8599790 

 

Jiang, S., Smith, S., & Minami, K. (2001). Securing Web servers against insider attack. Seventeenth Annual Computer Security Applications Conference, 265–276. https://doi.org/10.1109/ACSAC.2001.991542 

 

Johnston & Warkentin. (2010). Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly, 34(3), 549. https://doi.org/10.2307/25750691 

 

Jones, G. R. (1983). ‘Psychological orientation and the process of organizational socialization: An interactionist perspective’, Academy of Management Review, 8,464474. 

 

Kammuller, F., & Probst, C. W. (2014). Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. 2014 IEEE Security and Privacy Workshops, 229–235. https://doi.org/10.1109/SPW.2014.45 

 

Katz, R. (1978). ‘Job longetivity as a situational factor in job satisfaction’, Administrative Science Quarterly, 23, 204-223. 

 

Kelly, R. F., & Anderson, T. S. (2016). A vector relational data modeling approach to Insider threat intelligence (M. A. Kolodny & T. Pham, Eds.; p. 98310W). https://doi.org/10.1117/12.2224299 

 

Killourhy, K. S., & Maxion, R. A. (2007). Toward Realistic and Artifact-Free Insider-Threat Data. Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), 87–96. https://doi.org/10.1109/ACSAC.2007.31 

 

Kohlberg, L. (1969). Stage and sequence: The cognitive-developmen tal approach to socialization. In D. A. Goslin (Ed.), Handbook of socialization theory and research (pp. 347-480). Chicago: Rand McNally. 

 

Kramer, M.W. (1999), “Motivation to reduce uncertainty: a reconceptualization of uncertainty reduction theory”, Management Communication Quarterly, Vol. 13 No. 2, pp. 305-16. 

 

Kroeger, T. M., Frank, J. C., & Miller, E. L. (2013). The case for distributed data archival using secret splitting with Percival. 2013 6th International Symposium on Resilient Control Systems (ISRCS), 204–209. https://doi.org/10.1109/ISRCS.2013.6623777 

 

Kumar, P. R., Raj, P. H., & Jelciana, P. (2018). Exploring Data Security Issues and Solutions in Cloud Computing. Procedia Computer Science, 125, 691–697. https://doi.org/10.1016/j.procs.2017.12.089 

 

Kumari, A., Tanwar, S., Tyagi, S., Kumar, N., Parizi, R. M., & Choo, K.-K. R. (2019). Fog data analytics: A taxonomy and process model. Journal of Network and Computer Applications, 128, 90–104. https://doi.org/10.1016/j.jnca.2018.12.013 

 

Latane, B., & Darley, J. M. (1970). The unresponsive bystander: Why doesn't he help?. New \brk: Appleton-Century-Crofts. 

 

Lam, J. C. Y., & Lee, M. K. O. (2006). "Digital Inclusiveness - Longitudinal Study of Internet Adoption by Older Adults," Journal of Management Information Systems (22:4) 2006, pp. 177-206. 

 

Lawler, E. E. A Correlational-Causal Analysis of The Relationship Between Expectancy Attitudes And Job Performance. Journal O] Applied Psychology, 1968, 52, 462-468. 

 

Lawler, E. E. Pay and Organizational Effectiveness: A Psychological View. New York: Mcgraw-Hill, 1971. 

 

Lawler, E. E., Porter, L. W. Antecedent Attitudes of Effective Managerial Performance. Organizational Behavior and Human Performance, 1967, 2, 122-142. 

 

Lawler, E- E., & Svttle, J. L. A causal correlational test of the need hierarchy concept. Organizational Behavior and Human Performance, 1972, 7, 265-287. 

 

Le, M., Kant, K., & Jajodia, S. (2014). Consistency and enforcement of access rules in cooperative data sharing environment. Computers & Security, 41, 3–18. https://doi.org/10.1016/j.cose.2013.08.011 

 

Lee, Y. (2011). Understanding anti-plagiarism software adoption: An extended protection motivation theory perspective. Decision Support Systems, 50(2), 361–369. https://doi.org/10.1016/j.dss.2010.07.009 

 

Leu, F.-Y., Tsai, K.-L., Hsiao, Y.-T., & Yang, C.-T. (2017). An Internal Intrusion Detection and Protection System by Using Data Mining and Forensic Techniques. IEEE Systems Journal, 11(2), 427–438. https://doi.org/10.1109/JSYST.2015.2418434 

 

Leventhal, H. (1970). Findings and theory in the study of fear communications. Advances in Experimental Social Psychology, 5(1970), 119-186. 

 

Liu, A., Martin, C., Hetherington, T., & Matzner, S. (2005). A comparison of system call feature representations for insider threat detection. Proceedings from the Sixth Annual IEEE Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005., 340–347. https://doi.org/10.1109/IAW.2005.1495972 

 

Liu, L., De Vel, O., Chen, C., Zhang, J., & Xiang, Y. (2018). Anomaly-Based Insider Threat Detection Using Deep Autoencoders. 2018 IEEE International Conference on Data Mining Workshops (ICDMW), 39–48. https://doi.org/10.1109/ICDMW.2018.00014 

 

Lu, Y., Huang, X., Li, D., & Zhang, Y. (2018). Collaborative Graph-Based Mechanism for Distributed Big Data Leakage Prevention. 2018 IEEE Global Communications Conference (GLOBECOM), 1–7. https://doi.org/10.1109/GLOCOM.2018.8647746 

 

MacKenzie, S. B., Podsakoff, P. M., & Podsakoff, N. P. (2011). "Construct measurement and validation procedures in MIS and behavioral research: integrating new and existing techniques," MIS Quarterly (35:2), pp 293-334. 

 

Madden, T.J., Ellen, P.S., & Ajzen, I. (1992). A comparison of the Theory of Planned Behaviour and the Theory of Reasoned Action. PSPB, Vol 18 No1, February 1992 3-9 

 

Magklaras, G. B., & Furnell, S. M. (2001). Insider Threat Prediction Tool: Evaluating the probability of IT misuse. Computers & Security, 21(1), 62–73. https://doi.org/10.1016/S0167-4048(02)00109-8 

 

Magklaras, G. B., & Furnell, S. M. (2005). A preliminary model of end user sophistication for insider threat prediction in IT systems. Computers & Security, 24(5), 371–380. https://doi.org/10.1016/j.cose.2004.10.003 

 

Maier, R. Psychology in Industry. Boston: Houghton-Mifflin, 1955. 2nd Ed. 

 

Mandal, S., & Khan, D. A. (2019). A Dynamic Programming Approach to Secure User Image Data in Cloud Based ERP Systems. 2019 Fifth International Conference on Image Information Processing (ICIIP), 91–96. https://doi.org/10.1109/ICIIP47207.2019.8985974 

 

Mappus, R. L., & Briscoe, E. (2013). Layered behavioral trace modeling for threat detection. 2013 IEEE International Conference on Intelligence and Security Informatics, 173–175. https://doi.org/10.1109/ISI.2013.6578813 

 

Martin Fishbein (1974), "Factors Influencing Intentions and the Intention-Behavior Relation," Human Relations, 27 (January), 1-15. 

 

Martin Fishbein (1977), "Attitude-Behavior Relations: A Theoretical Analysis and Review of Empirical Research," Psychological Bulletin, 84 (September),888-918. 

 

Martin Fishbein (1980a), "Prediction of Goal Directed Behavior: Attitudes, Intentions, and Perceived Behavioral Control," Journal of Experimental Social Psychology, 22 (September), 453-474. 

 

Martin Fishbein, eds. (1980b), Understanding Attitudes and Predicting Social Behavior, Englewood Cliffs, NJ: Prentice-Hall. 

 

Martinez-Moyano, I. J., Samsa, M. E., Burke, J. F., & Akcam, B. K. (2008). Toward a Generic Model of Security in an Organizational Context: Exploring Insider Threats to Information Infrastructure. Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008), 267–267. https://doi.org/10.1109/HICSS.2008.456 

 

Maruyama GM (1998) Basics of structural equation modelling. Sage Publications, Inc., California 

 

Mayhew, M., Atighetchi, M., Adler, A., & Greenstadt, R. (2015). Use of machine learning in big data analytics for insider threat detection. MILCOM 2015 - 2015 IEEE Military Communications Conference, 915–922. https://doi.org/10.1109/MILCOM.2015.7357562 

 

Mekonnen, S., Padayachee, K., & Meshesha, M. (2015). A Privacy Preserving Context-Aware Insider Threat Prediction and Prevention Model Predicated on the Components of the Fraud Diamond. 2015 Annual Global Online Conference on Information and Computer Technology (GOCICT), 60–65. https://doi.org/10.1109/GOCICT.2015.20 

 

Menard, P., Bott, G. J., & Crossler, R. E. (2017). User Motivations in Protecting Information Security: Protection Motivation Theory Versus Self-Determination Theory. Journal of Management Information Systems, 34(4), 1203–1230. https://doi.org/10.1080/07421222.2017.1394083 

 

Menard, P., Gatlin, R., & Warkentin, M. (2014). Threat Protection and Convenience: Antecedents of Cloud-Based Data Backup. Journal of Computer Information Systems, 55(1), 83–91. https://doi.org/10.1080/08874417.2014.11645743 

 

Mohania, M., Ananthanarayanan, R., & Gupta, A. (2007). Some issues in privacy data management. Data & Knowledge Engineering, 63(3), 591–596. https://doi.org/10.1016/j.datak.2007.03.003 

 

Milgram, S. (1963). Behavioral study of obedience. Journal of Abnormal and Social Psychology, 67, 371-378. 

 

Mischel, W, & Mischel, H. N. (1976). A cognitive-social learning approach to socialization and self-regulation. In T. Lickona (Ed.),Moral development and behavior: Theory, research, and social issues. New York: Holt. 

 

Mischel, W. (1968). Personality and assessment. New York: Wiley. 

 

Moore, A. P., Kennedy, K. A., & Dover, T. J. (2016). Introduction to the special issue on insider threat modeling and simulation. Computational and Mathematical Organization Theory, 22(3), 261–272. https://doi.org/10.1007/s10588-016-9210-8 

 

Morovati, K., Kadam, S., & Ghorbani, A. (2016). A network based document management model to prevent data extrusion. Computers & Security, 59, 71–91. https://doi.org/10.1016/j.cose.2016.02.003 

 

Mrema, E., & Kumar, V. (2018). Fine Grained Attribute Based Access Control of Healthcare Data. 2018 12th International Symposium on Medical Information and Communication Technology (ISMICT), 1–5. https://doi.org/10.1109/ISMICT.2018.8573699 

 

Munshi, A., Dell, P., & Armstrong, H. (2012). Insider Threat Behavior Factors: A Comparison of Theory with Reported Incidents. 2012 45th Hawaii International Conference on System Sciences, 2402–2411. https://doi.org/10.1109/HICSS.2012.326 

 

Musa, A., Abubakar, A., Gimba, U. A., & Rasheed, R. A. (2019). An Investigation into Peer-to-Peer Network Security Using Wireshark. 2019 15th International Conference on Electronics, Computer and Computation (ICECCO), 1–6. https://doi.org/10.1109/ICECCO48375.2019.9043236 

 

Nagin, D. S. (1998). Deterrence and incapacitation. In M. H. Tonry (Ed.), Handbook of crime and punishment (pp. 345-368). Oxford, United Kingdom: Oxford University Press. 

 

Nagin, D. S., & Paternoster, R. (1991). The preventive effects of the perceived risk of arrest: Testing an expanded conception of deterrence. Criminology, 29, 561-587. 

 

Nagin, D. S., & Paternoster, R. (1993). Enduring individual differences and rational choice theories of crime. Law & Society Review, 27, 467-496. 

 

Nagin, D. S., & Pogarsky, G. (2003). An experimental investigation of deterrence: Cheating, self-servicing bias, and impulsivity. Criminology, 41, 167-193. 

 

Nagin, D. S., & Pogarsky, G. (2004). Time and punishment: Delayed consequences and criminal behavior. Journal of Quantitative Criminology, 20, 295-318. 

 

Newell, C. E., Rosenfeld, P., Harris, R. N., & Hindelang, R. L. (2004). "Reasons for nonresponse on U.S. Navy surveys: a closer look," Military Psychology (16:4), pp 265-276. 

 

Ng, B.-Y. A. Kankanhalli, & Xu,Y.(2009). Studying users' computer security behavior: a health belief perspective, Decision Support Systems 46 (4) (2009) 815–825. 

 

Nithiyanandam, C., Tamilselvan, D., Balaji, S., & Sivaguru, V. (2012). Advanced framework of defense system for prevetion of insider’s malicious behaviors. 2012 International Conference on Recent Trends in Information Technology, 434–438. https://doi.org/10.1109/ICRTIT.2012.6206788 

 

Novikova, E. S., Bekeneva, Y. A., Volkov, A. A., & Shorov, A. V. (2018). Approach for the analysis of the contacts of the critical infrastructure employees. 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus), 347–350. https://doi.org/10.1109/EIConRus.2018.8317103 

 

Nulty, Duncan D. “The adequacy of response rates to online and paper surveys: what can be done?” Assessment & Evaluation in Higher Education: Vol. 33, No. 3, June 2008, 301-314 

 

Nunnally, J. C., Bernstein, I. H., & Berge, J. M. t. (1967). Psychometric theory, New York: McGraw Hill. 

 

O'Brien, H. L., & Toms, E. G. (2009). "The development and evaluation of a survey to measure user engagement," Journal of the American Society for Information Science and Technology (61:1), pp 50-69 

 

Padayachee, K. (2013). A conceptual opportunity-based framework to mitigate the insider threat. 2013 Information Security for South Africa, 1–8. https://doi.org/10.1109/ISSA.2013.6641060 

 

Pagliari, R., Ghosh, A., Gottlieb, Y. M., Chadha, R., Vashist, A., & Hadynski, G. (2015). Insider attack detection using weak indicators over network flow data. MILCOM 2015 - 2015 IEEE Military Communications Conference, 1–6. https://doi.org/10.1109/MILCOM.2015.7357409 

 

Park, S. (2019). Why information security law has been ineffective in addressing security vulnerabilities: Evidence from California data breach notifications and relevant court and government records. International Review of Law and Economics, 58, 132–145. https://doi.org/10.1016/j.irle.2019.03.007 

 

Park, S., Ahmad, A., & Ruighaver, A. B. (2010). Factors Influencing the Implementation of Information Systems Security Strategies in Organizations. 2010 International Conference on Information Science and Applications, 1–6. https://doi.org/10.1109/ICISA.2010.5480261 

 

Parveen, P., Mcdaniel, N., Weger, Z., Evans, J., Thuraisingham, B., Hamlen, K., & Khan, L. (2013). Evolving Insider Threat Detection Stream Mining Perspective. International Journal on Artificial Intelligence Tools, 22(05), 1360013. https://doi.org/10.1142/S0218213013600130 

 

Parveen, P., Weger, Z. R., Thuraisingham, B., Hamlen, K., & Khan, L. (2011). Supervised Learning for Insider Threat Detection Using Stream Mining. 2011 IEEE 23rd International Conference on Tools with Artificial Intelligence, 1032–1039. https://doi.org/10.1109/ICTAI.2011.176 

 

Paternoster, R. (1987). The deterrent effect of the perceived certainty and severity of punishment: A review of the evidence and issues. Justice Quarterly, 4, 173-217. 

 

Pechmann,C. Zhao,G. Goldberg,M.E. & Reibling, E.T. (2003). What to convey in antismoking advertisements for adolescents: the use of protection motivation theory to identify effective message theme, Journal of Marketing 67 (2003, April) 1–18. 

 

Ponemon Institute, LLC. Security of Cloud Computing Providers Study. 2011. Available online: http://www.ca.com/~{}/media/Files/IndustryResearch/security-of-cloud-computingproviders-final-april-2011.pdf (accessed on 11 June 2020) 

 

Pogarsky, G. (2002). Identifying ‘deterrable’ offenders: Implications for research on deterrence. Justice Quarterly, 19, 431-453. 

 

Porcedda, M. G. (2018). Patching the patchwork: Appraising the EU regulatory framework on cyber security breaches. Computer Law & Security Review, 34(5), 1077–1098. https://doi.org/10.1016/j.clsr.2018.04.009 

 

Porter, L.W.; Steers, R.M.; Mowday, R.T.; & Boulian, P.V. (1974). Organizational commitment, job satisfaction, and turnover among psychiatric technicians. Journal of Applied Psychology, 59, 5 (1974), 603–609. 

 

Posey, C., Roberts, T. L., & Lowry, P. B. (2015). The Impact of Organizational Commitment on Insiders’ Motivation to Protect Organizational Information Assets. Journal of Management Information Systems, 32(4), 179–214. https://doi.org/10.1080/07421222.2015.1138374 

 

Price, J.L. (1997), “Handbook of organizational measurement”, International Journal of Manpower, Vol. 18 Nos 4/5/6, pp. 303-558. 

 

Pritchett, P. and Pound, R. (1996), High Velocity Culture Change: A Handbook for Managers, Pritchett & Associates, Dallas, TX. 

 

Privileged User Abuse & The Insider Threat. Ponemon Institute Research Report. May 2014. Available online: http://www.raytheoncyber.com/rtnwcm/groups/cyber/documents/content/rtn_257010.pdf (accessed on 11 June 2020) 

 

Probst, C. W., & Hansen, R. R. (2009). Analysing Access Control Specifications. 2009 Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering, 22–33. https://doi.org/10.1109/SADFE.2009.13 

 

Putti, J.M., Aryee, S. and Phua, J. (1990), “Communication relationship satisfaction and organizational commitment”, Group & Organizational Studies, Vol. 15 No. 1, pp. 44-52. 

 

Ragavan, H., & Panda, B. (2013). Mitigating Malicious Updates: Prevention of Insider Threat to Databases. 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 781–788. https://doi.org/10.1109/TrustCom.2013.95 

 

Ragit, S. M., & Badhiye, Sagar. S. (2016). Preserving privacy in collaborative data publishing from heterogeneity attack. 2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave), 1–4. https://doi.org/10.1109/STARTUP.2016.7583956 

 

Ramachandran, R., Neelakantan, S., & Bidyarthy, A. S. (2011). Behavior model for detecting data exfiltration in network environment. 2011 IEEE 5th International Conference on Internet Multimedia Systems Architecture and Application, 1–5. https://doi.org/10.1109/IMSAA.2011.6156340 

 

Randazzo, M. R., Keeney, M., Kowalski, E., Cappelli, D., & Moore, A. (n.d.). Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector. 37. 

 

Recker, J. (2013). Scientific research in information systems: a beginner's guide, Springer: New York. 

 

Recker, J. (2008). Understanding Process Modelling Grammar Continuance, Phd Thesis, Queensland University of Technology Brisbane. 

 

Rizvi, S., Cover, K., & Gates, C. (2014). A Trusted Third-party (TTP) based Encryption Scheme for Ensuring Data Confidentiality in Cloud Environment. Procedia Computer Science, 36, 381–386. https://doi.org/10.1016/j.procs.2014.09.009 

 

Rodwell, J.J., Kienzle, R. and Shadur, M.A. (1998), “The relationships among work-related perceptions, employee attitudes, and employee performance: the integral role of communication”, Human Resource Management, Vol. 37 Nos 3/4, pp. 277-93. 

 

Rogers, R. W. (1975). A Protection Motivation Theory of Fear Appeals and Attitude Change1. The Journal of Psychology, 91(1), 93–114. https://doi.org/10.1080/00223980.1975.9915803 

 

Rogers, R.W. (1983). Cognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protection Motivation. In Cacioppo, J. & Petty, R. (Eds.) Social Psychophysiology: A Sourcebook.pg. 153 – 176. New York, New York: Guilford. 

 

Rogers,R.W. & Prentice-Dunn, S.(1997). Protection motivation theory, in: D.S. Gochman (Ed.), Handbook of Health Behavior Research, I, Plenum, New York, 1997, pp. 113–132. 

 

Roy Sarkar, K. (2010). Assessing insider threats to information security using technical, behavioural and organisational measures. Information Security Technical Report, 15(3), 112–133. https://doi.org/10.1016/j.istr.2010.11.002 

 

Safa, N. S., Maple, C., Furnell, S., Azad, M. A., Perera, C., Dabbagh, M., & Sookhak, M. (2019). Deterrence and prevention-based model to mitigate information security insider threats in organisations. Future Generation Computer Systems, 97, 587–597. https://doi.org/10.1016/j.future.2019.03.024 

 

Safa, N. S., Maple, C., Watson, T., & Von Solms, R. (2018). Motivation and opportunity based model to reduce information security insider threats in organisations. Journal of Information Security and Applications, 40, 247–257. https://doi.org/10.1016/j.jisa.2017.11.001 

 

Santos, E., Nguyen, H., Yu, F., Kim, K. J., Li, D., Wilkinson, J. T., Olson, A., Russell, J., & Clark, B. (2012). Intelligence Analyses and the Insider Threat. IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans, 42(2), 331–347. https://doi.org/10.1109/TSMCA.2011.2162500 

 

Sarkar, A., Kohler, S., Ludascher, B., & Bishop, M. (2017). Insider Attack Identification and Prevention in Collection-Oriented Dataflow-Based Processes. IEEE Systems Journal, 11(2), 522–533. https://doi.org/10.1109/JSYST.2015.2477472 

 

Schlicher, B. G., MacIntyre, L. P., & Abercrombie, R. K. (2016). Towards Reducing the Data Exfiltration Surface for the Insider Threat. 2016 49th Hawaii International Conference on System Sciences (HICSS), 2749–2758. https://doi.org/10.1109/HICSS.2016.345 

 

Sedera, D., Gable, G., & Chan, T. (2003). "Survey design: Insights from a public sector-ERP success study," in Pacific Asia Conference on Information Systems (PACIS): Adelaide, Australia, p. 41. 

 

Sharghi, H., & Sartipi, K. (2016). A User Behavior-Based Approach to Detect the Insider Threat in Distributed Diagnostic Imaging Systems. 2016 IEEE 29th International Symposium on Computer-Based Medical Systems (CBMS), 300–305. https://doi.org/10.1109/CBMS.2016.58 

 

Sheppard, B. H.,  Hartwick, J., & Warshaw,  P. R. (1988). The Theory of Reasoned Action: A Meta-Analysis of Past Research with Recommendations for Modifications and Future Research. the Journal of Consumer Research. 

 

Sibai, F. M., & Menasce, D. A. (2012). Countering Network-Centric Insider Threats through Self-Protective Autonomic Rule Generation. 2012 IEEE Sixth International Conference on Software Security and Reliability, 273–282. https://doi.org/10.1109/SERE.2012.40 

 

Siponen & Vance. (2010). Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations. MIS Quarterly, 34(3), 487. https://doi.org/10.2307/25750688 

 

Sokolowski, J. A., Banks, C. M., & Dover, T. J. (2016). An agent-based approach to modeling insider threat. Computational and Mathematical Organization Theory, 22(3), 273–287. https://doi.org/10.1007/s10588-016-9220-6 

 

Srivastava, P., Singh, S., Pinto, A. A., Verma, S., Chaurasiya, V. K., & Gupta, R. (2011). An architecture based on proactive model for security in cloud computing. 2011 International Conference on Recent Trends in Information Technology (ICRTIT), 661–666. https://doi.org/10.1109/ICRTIT.2011.5972392 

 

Stanton, J.M.; Stam, K.R.; Mastrangelo, P.M.; & Jolton, J.A.(2006). Behavioral information security: An overview, results, and research agenda. In P. Zhang and D.F. Galletta (eds.), Human–Computer Interaction and Management Information Systems: Foundations. Armonk, NY: M.E. Sharpe, 2006, pp. 262–280. 

 

Stemler, S. 1998. Investigating the practical applications of content analysis. http://www2.bc.edu/~stemler/contentanalysis.hmtl 

 

Sticha, P. J., & Axelrad, E. T. (2016). Using dynamic models to support inferences of insider threat risk. Computational and Mathematical Organization Theory, 22(3), 350–381. https://doi.org/10.1007/s10588-016-9209-1 

 

Stolfo, S. J., Salem, M. B., & Keromytis, A. D. (2012). Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud. 2012 IEEE Symposium on Security and Privacy Workshops, 125–128. https://doi.org/10.1109/SPW.2012.19 

 

Straub, D., Boudreau, M.-C., & Gefen, D. (2004). "Validation guidelines for IS positivist research," Communications of the Association for Information Systems (13:24), pp 380-427. 

 

Suresh, N. R., Malhotra, N., Kumar, R., & Thanudas, B. (2012). An integrated data exfiltration monitoring tool for a large organization with highly confidential data source. 2012 4th Computer Science and Electronic Engineering Conference (CEEC), 149–153. https://doi.org/10.1109/CEEC.2012.6375395 

 

Sutton, S. (1982). Fear-arousing communications: A critical examination of theory and research. In J. Eiser (Ed.), Social psychology and behavioral medicine (pp. 303-337). London, UK: John Wiley & Sons. 

 

Tanner, J. F., Hunt, J. B., & Eppright, D. R. (1991). The Protection Motivation Model: A Normative Model of Fear Appeals. Journal of Marketing, 55(3), 36–45. https://doi.org/10.1177/002224299105500304 

 

Tapiador, J. E., & Clark, J. A. (2011). Masquerade mimicry attack detection: A randomised approach. Computers & Security, 30(5), 297–310. https://doi.org/10.1016/j.cose.2011.05.004 

 

Theoharidou, M., Kokolakis, S., Karyda, M., & Kiountouzis, E. (2005). The insider threat to information systems and the effectiveness of ISO17799. Computers & Security, 24(6), 472–484. https://doi.org/10.1016/j.cose.2005.05.002 

 

The Global State of Information Security. PWC, 2014. Available online: http://www.pwc.com/gx/en/consulting-services/information-security-survey/index.jhtml (accessed on 10 June 2020) 

 

Thomas, J.P.,Whitman, D.S., & Viswesvaran, C. (2010).Employee proactivity in organizations: A comparative meta analysis of emergent proactive constructs. Journal of Occupational and Organizational Psychology, 83, 2 (2010), 275–300. 

 

Thompson, H. H., Whittaker, J. A., & Andrews, M. (2004). Intrusion detection. Computer Fraud & Security, 2004(1), 13–15. https://doi.org/10.1016/S1361-3723(04)00018-1 

 

Thompson, P. (2004). Weak models for insider threat detection (E. M. Carapezza, Ed.; p. 40). https://doi.org/10.1117/12.548178 

 

Travers. J.C., Cook. B. C., & Cook.L (2017). Null Hypothesis Significance Testing and p Values. Learning Disabilities Research & Practice, 00(0), 1–8. The Division for Learning Disabilities of the Council for Exceptional Children DOI: 10.1111/ldrp.12147 

 

Ullah, F., Edwards, M., Ramdhany, R., Chitchyan, R., Babar, M. A., & Rashid, A. (2018). Data exfiltration: A review of external attack vectors and countermeasures. Journal of Network and Computer Applications, 101, 18–54. https://doi.org/10.1016/j.jnca.2017.10.016 

 

Vallerand, R. J.,  Deshaies P., Cuerrier, J. , Pelletier,  L. G., & Mongeau, C. (1992) Ajzen and Fishbein's Theory of Reasoned Action as Applied to Moral Behavior: A Confirmatory Analysis Journal of Personality and Social Psychology, 1992, Vol. 62, No. 1, 98-109 

 

Vance, A., Siponen, M., & Pahnila, S. (2009). How personality and habit affect protection motivation.  Presented at Association of Information Systems SIGSEC Workshop on Information Security & Privacy (WISP 2009), Phoenix, AZ, USA, 2009, pp. 1-7. 

 

Vemasani, P., Brodsky, A., & Ammann, P. (2014). Generating Test Data to Distinguish Conjunctive Queries with Equalities. 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation Workshops, 216–221. https://doi.org/10.1109/ICSTW.2014.23 

 

Vroom, V. H. Work and motivation. New York: Wiley, 1964. 

 

Walker-Roberts, S., Hammoudeh, M., & Dehghantanha, A. (2018). A Systematic Review of the Availability and Efficacy of Countermeasures to Internal Threats in Healthcare Critical Infrastructure. IEEE Access, 6, 25167–25177. https://doi.org/10.1109/ACCESS.2018.2817560 

 

Wall, D. S. (2013). Enemies within: Redefining the insider threat in organizational security policy. Security Journal, 26(2), 107–124. https://doi.org/10.1057/sj.2012.1 

 

Wang, P. S., Lai, F., Hsiao, H.-C., & Wu, J.-L. (2016). Insider Collusion Attack on Privacy-Preserving Kernel-Based Data Mining Systems. IEEE Access, 4, 2244–2255. https://doi.org/10.1109/ACCESS.2016.2561019 

 

Wang, Y. L., & Yang, S. C. (2014). A Method of Evaluation for Insider Threat. 2014 International Symposium on Computer, Consumer and Control, 438–441. https://doi.org/10.1109/IS3C.2014.121 

 

Warkentin, M., & Willison, R. (2009). Behavioral and policy issues in information systems security: The insider threat. European Journal of Information Systems, 18(2), 101–105. https://doi.org/10.1057/ejis.2009.12 

 

White, J., & Panda, B. (2010). Insider threat discovery using automatic detection of mission critical data based on content. 2010 Sixth International Conference on Information Assurance and Security, 56–61. https://doi.org/10.1109/ISIAS.2010.5604187 

 

Williams, P. A. H. (2008). In a ‘trusting’ environment, everyone is responsible for information security. Information Security Technical Report, 13(4), 207–215. https://doi.org/10.1016/j.istr.2008.10.009 

 

Witte, K. (1992). Putting the fear back into fear appeals: The extended parallel process model. Communication Monographs, 59(4), 329–349. https://doi.org/10.1080/03637759209376276 

 

Witte, K. (1994). Fear control and danger control: A test of the extended parallel process model (EPPM). Communication Monographs, 61(2), 113–134. https://doi.org/10.1080/03637759409376328 

 

Witte, K., & Allen, M. (2000). A Meta-Analysis of Fear Appeals: Implications for Effective Public Health Campaigns. Health Education & Behavior, 27(5), 591–615. https://doi.org/10.1177/109019810002700506 

 

Wong, S.-P., & Whitman, L. (1999). Attaining Agility At The Enterprise Level. 6. 

 

Woon, I.M.Y. Tan, G.W. & Low, R.T. (2005). A protection motivation theory approach to home wireless security, Proceedings of the Twenty-Sixth International Conference on Information Systems, Las Vegas, NV, 2005. 

 

Wu, J., Zhou, J., Ma, J., Mei, S., & Ren, J. (2011). An Active Data Leakage Prevention Model for Insider Threat. 2011 2nd International Symposium on Intelligence Information Processing and Trusted Computing, 39–42. https://doi.org/10.1109/IPTC.2011.17 

 

Xiangyu, L., Qiuyang, L., & Chandel, S. (2017). Social Engineering and Insider Threats. 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 25–34. https://doi.org/10.1109/CyberC.2017.91 

 

Yaseen, Q., & Panda, B. (2009). Knowledge Acquisition and Insider Threat Prediction in Relational Database Systems. 2009 International Conference on Computational Science and Engineering, 450–455. https://doi.org/10.1109/CSE.2009.159 

 

Yaseen, Q., & Panda, B. (2010a). Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention. 2010 IEEE Second International Conference on Social Computing, 849–856. https://doi.org/10.1109/SocialCom.2010.128 

 

Yaseen, Q., & Panda, B. (2010b). Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention. 2010 IEEE Second International Conference on Social Computing, 849–856. https://doi.org/10.1109/SocialCom.2010.128 

 

Yaseen, Q., & Panda, B. (2012a). Mitigating Insider Threat without Limiting the Availability in Concurrent Undeclared Tasks. 2012 IEEE Sixth International Conference on Software Security and Reliability, 235–244. https://doi.org/10.1109/SERE.2012.36 

 

Yaseen, Q., & Panda, B. (2012b). Tackling Insider Threat in Cloud Relational Databases. 2012 IEEE Fifth International Conference on Utility and Cloud Computing, 215–218. https://doi.org/10.1109/UCC.2012.18 

 

Yeboah-Ofori, A., & Islam, S. (2019). Cyber Security Threat Modeling for Supply Chain Organizational Environments. Future Internet, 11(3), 63. https://doi.org/10.3390/fi11030063 

 

Yousef, D.A. (2000), “Organizational commitment: a mediator of the relationship leadership behavior with job satisfaction and performance in a non-western country”, Journal of Managerial Psychology, Vol. 15 No. 1, pp. 6-24. 

 

Yusop, Z. M., & Abawajy, J. H. (2014). Analysis of Insiders Attack Mitigation Strategies. Procedia - Social and Behavioral Sciences, 129, 611–618. https://doi.org/10.1016/j.sbspro.2014.06.002 

 

Zafar, F., Khan, A., Suhail, S., Ahmed, I., Hameed, K., Khan, H. M., Jabeen, F., & Anjum, A. (2017). Trustworthy data: A survey, taxonomy and future trends of secure provenance schemes. Journal of Network and Computer Applications, 94, 50–68. https://doi.org/10.1016/j.jnca.2017.06.003 

  

 

 


This material may be protected under Copyright Act which governs the making of photocopies or reproductions of copyrighted materials.
You may use the digitized material for private study, scholarship, or research.

Back to previous page
Installed and configured by Bahagian Automasi, Perpustakaan Tuanku Bainun, Universiti Pendidikan Sultan Idris
If you have enquiries, kindly contact us at pustakasys@upsi.edu.my or 016-3630263. Office hours only.