The purpose of this research is to identify the factors that influence organizational insiders to violate information security policies. There are numerous accounts of successful malicious activities conducted by employees and internal users of organizations. Researchers and organizations have begun looking at methods to reduce or mitigate the insider threat problem. Few proposed methods and models to identify, deter, and prevent the insider threat are based on empirical data. Additionally, few studies have focused on the targets or goals of the insider with organizational control as a foundation. From a target perspective, an organization might be able to control the outcome of a malicious insider threat attack.
This research applied a criminology lens as an organization policy violation is, or resembles, a criminal activity. This research uses the Routine Activities Theory (RAT) as a guide to develop a theoretical model. The adoption of RAT was for its focus on the target and the protective controls, while still taking into account the motivated offender. The study identified the components of the model concerning insider threats, espionage, and illicit behavior related to information systems through literature. This led to the development of 10 hypotheses regarding the relationships of key factors that influence malicious insider activity. Data was collected using a scenario-based survey, which allowed for impartial responses from a third-person perspective. This technique has become popular in the field of criminology, as the effects of social desirability, acceptance, or repudiation will not be a concern. A pilot test verified the survey's ability to collect the appropriate data. The research employed Structural Equation Modeling (SEM) and Confirmatory Factor Analysis (CFA) techniques to analyze and evaluate the data. SEM and CFA techniques identified the fit of the model and the factors that influence information security policy violations. The result of the analysis provided criteria to accept the hypotheses and to identify key factors that influence insider Information System policy violations. This research identified the relationships and the level of influence between each factor.
| Identifer | oai:union.ndltd.org:nova.edu/oai:nsuworks.nova.edu:gscis_etd-1137 |
| Date | 01 January 2012 |
| Creators | Doss, Gary |
| Publisher | NSUWorks |
| Source Sets | Nova Southeastern University |
| Detected Language | English |
| Type | text |
| Format | application/pdf |
| Source | CEC Theses and Dissertations |
Page generated in 0.0021 seconds