出版社:International Association for Computer Information Systems
摘要:Insiders are trusted individuals in an organizat ion, such as current or former employees, contractors, consultants, or vendors (Keeney et al., 2005; Steele and Wargo, 2007). Insiders pose a threat to the security of information due to their intimate knowledge of an organization's internal operations, processes, data, systems, or other resources (Steele and Wargo, 2007). Because trusted individuals have the power to violate one or more rules in a security policy, an insider threat occurs either (1) through the violation of a security policy using legitimate access, and/or (2) through violation of an access control policy by obtaining unauthorized access (Bishop, 2005; Bishop and Gates, 2008).