Leaking Confidential Information by Non-Malicious User Behavior in Enterprise Systems - Design of an Empirical Study


Hadasch, Frank ; Müller, Benjamin ; Maedche, Alexander



URL: http://aisel.aisnet.org/mcis2011/126/
Dokumenttyp: Konferenzveröffentlichung
Erscheinungsjahr: 2011
Buchtitel: Proceedings of the 6th Mediterranean Conference on Information Systems (MCIS 2011)
Seitenbereich: Paper 126
Veranstaltungsort: Limassol, Cyprus
Veranstaltungsdatum: September 3 – 5, 2011
Ort der Veröffentlichung: Atlanta, Ga.
Verlag: AISeL
Sprache der Veröffentlichung: Englisch
Einrichtung: Außerfakultäre Einrichtungen > Institut für Enterprise Systems (InES)
Fakultät für Betriebswirtschaftslehre > Wirtschaftsinformatik IV (Mädche 2009-2015)
Fachgebiet: 650 Management
Abstract: Information assets of enterprises are vulnerable to theft and require protection to avoid information leakage to unauthorized parties. Current technical countermeasures to protect confidential information fall too short, as information leaks can emerge from non-malicious behavior of users while they execute a business process in an Enterprise System. Our study is in progress and investigates characteristics of security incidents in which users are authorized to access information in a secure domain, but cause information flow into an unsecure domain without any malicious objectives. We use a qualitative research method to explore the enterprise context, technological infrastructure, activities and user behaviors that lead to leakage of confidential information. We will collect empirical data in three sequential phases with expert interviews. In the first phase informants will be data security consultants, in the second phase company’s data security officers will be interviewed and finally narratives are collected from end users of Enterprise Systems. We employ grounded theory as an approach to analyze data and to formulate the theoretical framework. The findings are expected to provide insights into the sources of confidential information leakage caused by non-malicious user behavior in Enterprise Systems.
Zusätzliche Informationen: Online Ressource




Dieser Eintrag ist Teil der Universitätsbibliographie.




Metadaten-Export


Zitation


+ Suche Autoren in

+ Aufruf-Statistik

Aufrufe im letzten Jahr

Detaillierte Angaben



Sie haben einen Fehler gefunden? Teilen Sie uns Ihren Korrekturwunsch bitte hier mit: E-Mail


Actions (login required)

Eintrag anzeigen Eintrag anzeigen