Workarounds as Means to Identify Insider Threats to Information Systems Security

Pierre-Emmanuel Arduin () and Dragos Vieru
Additional contact information
Pierre-Emmanuel Arduin: DRM - Dauphine Recherches en Management - Université Paris Dauphine-PSL - PSL - Université Paris Sciences et Lettres - CNRS - Centre National de la Recherche Scientifique
Dragos Vieru: TELUQ - Université Téluq

Post-Print from HAL

Abstract: Workarounds represent deliberate actions of employees in contrast with the prescribed practices and organizations generally perceive them as unwanted processes. Workarounds may lead to information systems (IS) security policy violations, notably when prescribed practices lead employees to face obstacles in accomplishing their daily tasks. Such behavior generates new insider threats to IS security. In this article, we adopt the view that workarounds may enable the identification of new security threats. We propose a conceptual model that illustrates how workarounds generating non-malicious security violations might constitute sources of knowledge about new security threats.

Keywords: Workarounds; Insider threat; Security policy; Non-malicious security violation (search for similar items in EconPapers)
Date: 2017-08
Note: View the original document on HAL open archive server: https://hal.science/hal-01637912v1
References: View references in EconPapers View complete reference list from CitEc
Citations:

Published in Association for Information Systems, Aug 2017, Boston, United States

Downloads: (external link)
https://hal.science/hal-01637912v1/document (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:hal:journl:hal-01637912

Access Statistics for this paper

More papers in Post-Print from HAL
Bibliographic data for series maintained by CCSD ().