Unintentional Insider Threats Countermeasure Model (UITCM) in Reducing Internal Threat Environment
Unintentional insider threats (UITs) are one of the biggest issues that can weaken an organization's security defence. Studies have shown that existing technical security countermeasures alone are insufficient, especially when dealing with human error. A total of 311 questionnaires were collect...
id |
my-usim-ddms-13349 |
---|---|
record_format |
uketd_dc |
institution |
Universiti Sains Islam Malaysia |
collection |
USIM Institutional Repository |
language |
en_US |
topic |
Computer crimes--Prevention Information technology--Security measures Computer networks--Access control Employee crimes--Prevention |
description |
Unintentional insider threats (UITs) are one of the biggest issues that can weaken an
organization's security defence. Studies have shown that existing technical security
countermeasures alone are insufficient, especially when dealing with human error. A
total of 311 questionnaires were collected from Information Technology Executives of
Small and Medium Enterprises (SMEs) in Malaysia to determine the contributing
factors and the likelihood of UITs. Quantitative data was analyzed using SPSS. The
results showed that the majority of the respondents, 634 (34.2%), alleged that their
organizations were very likely to have faced threats, 442 (23.9%) believed that their
organizations were likely to confront these threats, while 172 (9.3%) were most likely
to have faced such threats. Ignorance and negligence (27%), situation awareness
(26%) and human error (22%) were the largest contributing factors to UITs in Malaysian
SMEs. The survey showed that multi-layered defensive approaches, including policies,
procedures, awareness and attention to sociological and psychological aspects, together
with automated defence tools, are important to fight the “people issue”. A single
countermeasure approach can only address some aspects of human error, but not all. Thus
the objective of this study is to propose a model that consists of mixed approaches that
can be used as countermeasures to UITs in Malaysian SMEs. The initial version of
the proposed model was developed by combining the existing countermeasures that
have been suggested in the literature. In the second stage, the proposed model was
evaluated by expert-based judgement through the Delphi method to reach an acceptable
level of expert consensus and remove any uncertainty in the model. Five (5) experts,
comprising 3 practitioners and 2 academicians, evaluated the model with a
two-round questionnaire. Based on the evaluation, the results indicated that the
experts reached mutual consensus, with mean scores of more than 75% in terms of the
theoretical validity, usability, readability and understandability of the model. Since
a countermeasure is a security control used to protect the confidentiality, integrity, and
availability of data and information systems, and should be available at every layer
of the stack, it is hoped that the model can be used as a guideline by organizations
to improve their existing UIT countermeasures and indirectly strengthen the
strategic, operational and financial aspects of the organization. |
format |
Thesis |
author |
Zainab. A. A.Abdelsadeq |
title |
Unintentional Insider Threats Countermeasure Model (UITCM) in Reducing Internal Threat Environment |
granting_institution |
Universiti Sains Islam Malaysia |
url |
https://oarep.usim.edu.my/bitstreams/3f632cd3-19ea-4f1e-a21f-ebb14cfcdf1c/download https://oarep.usim.edu.my/bitstreams/ac2e7178-0ca1-4ad8-8936-16f7fe5db677/download https://oarep.usim.edu.my/bitstreams/3da45707-10eb-46c8-a400-1e5eeec30f63/download https://oarep.usim.edu.my/bitstreams/c51978b5-4277-470c-938b-b5dcd09a6126/download https://oarep.usim.edu.my/bitstreams/edd53c5e-c0be-4391-8c15-6f8d91435ed3/download https://oarep.usim.edu.my/bitstreams/3f491ce8-555e-4043-90d5-c737c988951c/download https://oarep.usim.edu.my/bitstreams/3e952c91-a479-439c-b6c2-663a701684c7/download https://oarep.usim.edu.my/bitstreams/e63c8a78-d98b-4bcd-80e8-d3edbd1e8f64/download https://oarep.usim.edu.my/bitstreams/345e589c-c9dc-4523-ab22-eb1b61b89277/download |
spelling |
my-usim-ddms-13349 2024-05-29T18:59:07Z Universiti Sains Islam Malaysia 2023-03 Thesis en_US https://oarep.usim.edu.my/handle/123456789/13349 |