Enemies Within: Redefining the Insider Threat in Organizational Security Policy

Security Journal, April 2013, 26(2) 107-124

24 Pages Posted: 7 Sep 2012 Last revised: 8 Apr 2013

See all articles by David S. Wall

David S. Wall

University of Leeds, Centre for Criminal Justice Studies

Date Written: March 19, 2012

Abstract

The critical importance of electronic information exchanges in the daily operation of most large modern organizations is causing them to broaden their security provision to include the custodians of exchanged data – the insiders. The prevailing data loss threat model mainly focuses upon the criminal outsider and mainly regards the insider threat as ‘outsiders by proxy,’ thus shaping the relationship between the worker and workplace in information security policy. Policy, that increasingly takes the form of social policy for the information age as it acquires the power to include and exclude sections of society and potentially to re-stratify it? This article draws upon empirical sources to critically explore the insider threat in organizations. It looks at the prevailing threat model before deconstructing ‘the insider’ into various risk profiles, including the well-meaning insider, before drawing conclusions about what the building blocks of information security policy around the insider might be.

Suggested Citation

Wall, David S., Enemies Within: Redefining the Insider Threat in Organizational Security Policy (March 19, 2012). Security Journal, April 2013, 26(2) 107-124. Available at SSRN: https://ssrn.com/abstract=2143264

David S. Wall (Contact Author)

University of Leeds, Centre for Criminal Justice Studies ( email )

School of Law, Liberty Building
University of Leeds
Leeds, West Yorkshire LS2 9JT
United Kingdom
+44 113 343 9575 (Phone)

HOME PAGE: http://www.law.leeds.ac.uk/people/staff/wall/

Register to save articles to
your library

Register

Paper statistics

Downloads
141
rank
201,769
Abstract Views
603
PlumX Metrics