Leaking Confidential Information by Non-Malicious User Behavior in Enterprise Systems - Design of an Empirical Study


Hadasch, Frank ; Müller, Benjamin ; Maedche, Alexander



URL: http://aisel.aisnet.org/mcis2011/126/
Document Type: Conference or workshop publication
Year of publication: 2011
Book title: Proceedings of the 6th Mediterranean Conference on Information Systems (MCIS 2011)
Page range: Paper 126
Location of the conference venue: Limassol, Cyprus
Date of the conference: September 3 – 5, 2011
Place of publication: Atlanta, Ga.
Publishing house: AISeL
Publication language: English
Institution: Außerfakultäre Einrichtungen > Institut für Enterprise Systems (InES)
Business School > Wirtschaftsinformatik IV (Mädche 2009-2015)
Subject: 650 Management
Abstract: Information assets of enterprises are vulnerable to theft and require protection to avoid information leakage to unauthorized parties. Current technical countermeasures to protect confidential information fall too short, as information leaks can emerge from non-malicious behavior of users while they execute a business process in an Enterprise System. Our study is in progress and investigates characteristics of security incidents in which users are authorized to access information in a secure domain, but cause information flow into an unsecure domain without any malicious objectives. We use a qualitative research method to explore the enterprise context, technological infrastructure, activities and user behaviors that lead to leakage of confidential information. We will collect empirical data in three sequential phases with expert interviews. In the first phase informants will be data security consultants, in the second phase company’s data security officers will be interviewed and finally narratives are collected from end users of Enterprise Systems. We employ grounded theory as an approach to analyze data and to formulate the theoretical framework. The findings are expected to provide insights into the sources of confidential information leakage caused by non-malicious user behavior in Enterprise Systems.
Additional information: Online Ressource




Dieser Eintrag ist Teil der Universitätsbibliographie.




Metadata export


Citation


+ Search Authors in

+ Page Views

Hits per month over past year

Detailed information



You have found an error? Please let us know about your desired correction here: E-Mail


Actions (login required)

Show item Show item