Computer Security , Security Incident , Data Leakage , Enterprise System
Abstract:
Information assets of enterprises are vulnerable to theft and need to be protected to avoid information leakage to unauthorized parties. Technical countermeasures to protect confidential information fall to short, as information leaks can emerge from non-malicious behavior of users while they execute a business process in an Enterprise System. Our study investigates characteristics of security incidents in which users are authorized to access information in a secure domain, but cause information flow into an unsecure domain without any malicious objectives. We use a qualitative research method to explore the context, activities, and behaviors that lead to leakage of confidential information. We will collect empirical data in three sequential phases with interviews. In the first phase informants will be security consultants for Enterprise Systems, in the second phase company’s security managers will be interviewed and finally narratives are collected from end users. We employ the grounded theory approach to analyze the data and formulate the theoretical framework. The findings are expected to provide insights into the sources of confidential information leakage caused by non-malicious user behavior in Enterprise Systems.
Zusätzliche Informationen:
Dieser Eintrag ist Teil der Universitätsbibliographie.
Das Dokument wird vom Publikationsserver der Universitätsbibliothek Mannheim bereitgestellt.
![[img]](https://madoc.bib.uni-mannheim.de/style/images/fileicons/application_pdf.png)
Suche Autoren in