The Risk of Risk Analysis: And its relation to the Economics of Insider Threats

Christian W. Probst, Jeffrey Hunker

    Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

    Abstract

    Insider threats to organisational information security are widely viewed as an important concern, but little is understood as to the pattern of their occurrence. We outline an argument for explaining what originally surprised us: that many practitioners report that their organisations take basic steps to prevent insider attacks, but do not attempt to address more serious attacks. We suggest that an understanding of the true cost of additional policies to control insider threats, and the dynamic nature of potential insider threats together help explain why this observed behaviour is economically rational. This conclusion also suggests that further work needs to be done to understand how better to change underlying motivations of insiders, rather than simply focus on controlling and monitoring their behaviour.
    Original languageEnglish
    Title of host publicationProceedings of The Eighth Workshop on the Economics of Information Security
    Publication date2009
    Publication statusPublished - 2009
    EventThe Eighth Workshop on the Economics of Information Security -
    Duration: 1 Jan 2009 → …

    Conference

    ConferenceThe Eighth Workshop on the Economics of Information Security
    Period01/01/2009 → …

    Fingerprint Dive into the research topics of 'The Risk of Risk Analysis: And its relation to the Economics of Insider Threats'. Together they form a unique fingerprint.

    Cite this