Leaking confidential information by non-malicious user behavior in Enterprise Systems - an empirical study


Hadasch, Frank ; Maedche, Alexander ; Müller, Benjamin


[img]
Preview
PDF
InES_Working_Paper_No1.pdf_1.pdf - Published

Download (137kB)

URL: https://ub-madoc.bib.uni-mannheim.de/3172
URN: urn:nbn:de:bsz:180-madoc-31726
Document Type: Working paper
Year of publication: 2011
The title of a journal, publication series: Working Paper Series in Information Systems
Volume: 000
Place of publication: Mannheim
Publication language: English
Institution: Außerfakultäre Einrichtungen > Institut für Enterprise Systems (InES)
Business School > Wirtschaftsinformatik IV (Mädche -2015)
MADOC publication series: Area Information Systems and Institute for Enterprise Systems > Working Paper Series in Information Systems
Subject: 330 Economics
Classification: JEL:
Subject headings (SWD): Computersicherheit , Kryptologie , Softwareschwachstelle
Keywords (English): Computer Security , Security Incident , Data Leakage , Enterprise System
Abstract: Information assets of enterprises are vulnerable to theft and need to be protected to avoid information leakage to unauthorized parties. Technical countermeasures to protect confidential information fall to short, as information leaks can emerge from non-malicious behavior of users while they execute a business process in an Enterprise System. Our study investigates characteristics of security incidents in which users are authorized to access information in a secure domain, but cause information flow into an unsecure domain without any malicious objectives. We use a qualitative research method to explore the context, activities, and behaviors that lead to leakage of confidential information. We will collect empirical data in three sequential phases with interviews. In the first phase informants will be security consultants for Enterprise Systems, in the second phase company’s security managers will be interviewed and finally narratives are collected from end users. We employ the grounded theory approach to analyze the data and formulate the theoretical framework. The findings are expected to provide insights into the sources of confidential information leakage caused by non-malicious user behavior in Enterprise Systems.
Additional information:

Dieser Eintrag ist Teil der Universitätsbibliographie.

Das Dokument wird vom Publikationsserver der Universitätsbibliothek Mannheim bereitgestellt.




Metadata export


Citation


+ Search Authors in

+ Download Statistics

Downloads per month over past year

View more statistics



You have found an error? Please let us know about your desired correction here: E-Mail


Actions (login required)

Show item Show item