To read this content please select one of the options below:

A canonical analysis of intentional information security breaches by insiders

Jordan Shropshire (Information Technology Department, Georgia Southern University, Statesboro, Georgia, USA)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 9 October 2009

1766

Abstract

Purpose

The paper focuses on intentional information security breaches by insiders. The purpose is to assess the relationship between insiders' backgrounds and motivations and their deviant behaviors. Two outcome variables, information technology (IT) espionage and IT sabotage, are correlated with four predictors, financial changes, relationship strains, substance abuse, and job changes.

Design/methodology/approach

Some 62 cases of intentional information security breaches by insiders are examined using canonical analysis.

Findings

The results indicate that a significant relationship exists between financial hardship, relationship strains, and the theft and sale of proprietary data by insiders; and recent firings, substance abuse, and relationship strains are related to information system sabotage.

Research limitations/implications

Because little or no research has been conducted on this topic, there is a lack of validated measures for variables associated with information security. Thus, the measures used in this paper are necessarily simplistic. Because few organizations report information security weaknesses, the sample is relatively small.

Practical implications

In the majority of cases included in this paper, it is found that the insider convey a number of warning signs before committing the security breach. After reading this paper, diligent managers should be able to identify potential security breaches.

Originality/value

This is one of the first studies to explore insider security breaches using canonical analysis.

Keywords

Citation

Shropshire, J. (2009), "A canonical analysis of intentional information security breaches by insiders", Information Management & Computer Security, Vol. 17 No. 4, pp. 296-310. https://doi.org/10.1108/09685220910993962

Publisher

:

Emerald Group Publishing Limited

Copyright © 2009, Emerald Group Publishing Limited

Related articles