This article critically examines the insider threat in organizations in the context of electronic information exchanges. The current data loss threat model primarily focuses on the criminal outsider, often viewing the insider threat as ‘outsiders by proxy’. This perspective shapes the relationship between the worker and the workplace in information security policy. The article deconstructs ‘the insider’ into various risk profiles, including the well-meaning insider, and concludes with suggestions for the building blocks of information security policy around the insider.
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Evaluating the awareness of security among users plays a critical role in safeguarding Industrial Control Systems...