Unintentional Insider Threats Countermeasure Model (UITCM) in Reducing Internal Threat Environment
Summary: Unintentional insider threats (UITs) are one of the biggest issues that can weaken the
security defence of an organization. Studies have shown that existing technical security
countermeasures alone are insufficient, especially when dealing with human errors. A
total of 311 questionnaires were collected from Information Technology Executives of
Small Medium Enterprises (SMEs) in Malaysia to determine the contributing
factors and the likelihood of UITs. Quantitative data was analyzed using SPSS. The
results showed that the majority of the respondents, 634 (34.2%), alleged that their
organizations were very likely to have faced threats; 442 (23.9%) believed that their
organizations were likely to confront these threats, while 172 (9.3%) were most likely
to have faced such threats. Ignorance and negligence (27%), situation awareness
(26%) and human error (22%) were the largest contributing factors of UITs in Malaysian
SMEs. The survey showed that multi-layered defensive approaches, including policies,
procedures, awareness and attention to sociological and psychological aspects, together with
automated defence tools, are important in fighting the “people issue”. A single
countermeasure approach can address only some aspects of human error, not all. Thus
the objective of this study is to propose a model consisting of mixed approaches that
can be used as countermeasures to UITs in Malaysian SMEs. The initial version of
the proposed model was developed by combining the existing countermeasures that
have been suggested in the literature. In the second stage, the proposed model was
evaluated by expert-based judgement through the Delphi method to reach an acceptable level
of expert consensus and remove any uncertainty in the model. Five (5) experts,
comprising 3 practitioners and 2 academicians, evaluated the model through a
two-round questionnaire. Based on the evaluation, the results indicated that the
experts reached mutual consensus, with mean scores of more than 75% in terms of the
theoretical validity, usability, readability and understandability of the model. Since
a countermeasure is a security control used to protect the confidentiality, integrity, and
availability of data and information systems, and should be available at every layer
of the stack, it is hoped that the model can be used as a guideline by organizations
to improve their existing UIT countermeasures and indirectly strengthen the
strategic, operational and financial aspects of the organization.