This article critically examines the insider threat in organizations in the context of electronic information exchanges. The current data loss threat model primarily focuses on the criminal outsider, often viewing the insider threat as ‘outsiders by proxy’. This perspective shapes the relationship between the worker and the workplace in information security policy. The article deconstructs ‘the insider’ into various risk profiles, including the well-meaning insider, and concludes with suggestions for the building blocks of information security policy around the insider.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....