Leaking Confidential Information by Non-Malicious User Behavior in Enterprise Systems - Design of an Empirical Study
Hadasch, Frank
;
Müller, Benjamin
;
Maedche, Alexander
URL:
|
http://aisel.aisnet.org/mcis2011/126/
|
Dokumenttyp:
|
Konferenzveröffentlichung
|
Erscheinungsjahr:
|
2011
|
Buchtitel:
|
Proceedings of the 6th Mediterranean Conference on Information Systems (MCIS 2011)
|
Seitenbereich:
|
Paper 126
|
Veranstaltungsort:
|
Limassol, Cyprus
|
Veranstaltungsdatum:
|
September 3 – 5, 2011
|
Ort der Veröffentlichung:
|
Atlanta, Ga.
|
Verlag:
|
AISeL
|
Sprache der Veröffentlichung:
|
Englisch
|
Einrichtung:
|
Außerfakultäre Einrichtungen > Institut für Enterprise Systems (InES) Fakultät für Betriebswirtschaftslehre > Wirtschaftsinformatik IV (Mädche 2009-2015)
|
Fachgebiet:
|
650 Management
|
Abstract:
|
Information assets of enterprises are vulnerable to theft and require protection to avoid information leakage to unauthorized parties. Current technical countermeasures to protect confidential information fall too short, as information leaks can emerge from non-malicious behavior of users while they execute a business process in an Enterprise System. Our study is in progress and investigates characteristics of security incidents in which users are authorized to access information in a secure domain, but cause information flow into an unsecure domain without any malicious objectives. We use a qualitative research method to explore the enterprise context, technological infrastructure, activities and user behaviors that lead to leakage of confidential information. We will collect empirical data in three sequential phases with expert interviews. In the first phase informants will be data security consultants, in the second phase company’s data security officers will be interviewed and finally narratives are collected from end users of Enterprise Systems. We employ grounded theory as an approach to analyze data and to formulate the theoretical framework. The findings are expected to provide insights into the sources of confidential information leakage caused by non-malicious user behavior in Enterprise Systems.
|
Zusätzliche Informationen:
|
Online Ressource
|
| Dieser Eintrag ist Teil der Universitätsbibliographie. |
Suche Autoren in
Sie haben einen Fehler gefunden? Teilen Sie uns Ihren Korrekturwunsch bitte hier mit: E-Mail
Actions (login required)
|
Eintrag anzeigen |
|
|