The development of insider threat prevention framework within organization

Bibliographic Details
Main Author: Rahimah Mohamad Zuwita@Abu Bakar
Format: Thesis
Language:English
Published: 2023
Subjects:
HD Industries. Land use. Labor
Online Access:https://ir.upsi.edu.my/detailsg.php?det=12112
Abstract Abstract here
_version_ 1855626293090975744
author Rahimah Mohamad Zuwita@Abu Bakar
author_facet Rahimah Mohamad Zuwita@Abu Bakar
author_sort Rahimah Mohamad Zuwita@Abu Bakar
description
format Thesis
id upsi-12112
institution Universiti Pendidikan Sultan Idris
language English
publishDate 2023
record_format sWADAH
record_pdf Restricted
spelling upsi-121122025-04-16 The development of insider threat prevention framework within organization 2023 Rahimah Mohamad Zuwita@Abu Bakar HD Industries. Land use. Labor <p>Issues related to insider threat in organization have been actively debated over the</p><p>years. Despite the probability, they have a higher rate of success, can go</p><p>undetected, and therefore pose a much greater risk than external adversaries. Due</p><p>to those circumstances, a protective and preventive measure becomes a pitch</p><p>demand to prevent any harm caused by malicious insiders. A framework has been</p><p>developed based on a survey conducted. There are five objectives posed in this</p><p>research; (1) To identify factors that trigger/motivate insiders to attack an</p><p>organizations data (2) To determine the relationship between security behaviours</p><p>and the appraisal process in Protection Motivation Theory (3) To determine the</p><p>degrees of relevance of these identified reflective factors to Protection Motivation</p><p>Theory (4) To develop a framework based on the result synthesized from data</p><p>analysis (5) To verify the applicability of the proposed framework through expert</p><p>judgement. The research adopted a quantitative research approach that utilizes</p><p>surveys to gather data from approximately 250 respondents. Structural Equation</p><p>Modeling (SEM) analysis was employed for data analysis. The results strongly</p><p>supported all hypotheses, recording the p-values ranging from 0 to 1. Furthermore,</p><p>the findings underscore the significance of organizational factors in preventing</p><p>insider threats within an organization. This insight is particularly valuable for</p><p>academics who aim to develop theories and gather empirical evidence related to</p><p>behavioral information security, especially considering the potential applicability of</p><p>these findings in various organizational settings. As far as the amount of</p><p>standardized path weights is concerned, reaction efficacy is by far the most</p><p>important factor influencing insiders' desire to defend their companies from</p><p>information security risks.</p> 2023 thesis https://ir.upsi.edu.my/detailsg.php?det=12112 https://ir.upsi.edu.my/detailsg.php?det=12112 text eng N/A openAccess Doctoral Perpustakaan Tuanku Bainun Fakulti Komputeran dan META-Teknologi <p>Aarthi, D., & Indira, N. (2016). Enabling efficient and protected sharing of data in cloud computing. 2016 International Conference on Information Communication and Embedded Systems (ICICES), 15. https://doi.org/10.1109/ICICES.2016.7518876</p><p></p><p>Abdi, H., Edelman, B., Valentin, D., & Dowling, W.J. (2009). Experimental design and analysis for Psychology. Oxford: Oxford University Press.</p><p></p><p>Abidin, Z. Z., Abas, Z. A., Zakaria, N. A., Hashim, N. A., Mardaid, E., Ahmad, R., & Puvanasvaran, A. P. (2019). Conceptual Model of Risk Assessment for Insider Threats Detection. 2019 1st International Conference on Electrical, Control and Instrumentation Engineering (ICECIE), 16. https://doi.org/10.1109/ICECIE47765.2019.8974723</p><p></p><p>Adams, L. L. M., & Gale, D. (1982). "Solving the quandary between questionnaire length and response rate in educational research," Research in Higher Education (17:3), pp 231-240.</p><p></p><p>AeranAnkur, Comprehensive overview of INSIDER THREATS and their controls,2006.www.cccure.org/Documents./InsiderThreatsReport.pdf</p><p></p><p>Agrafiotis, I., Nurse, J. R., Buckley, O., Legg, P., Creese, S., & Goldsmith, M. (2015). Identifying attack patterns for insider threat detection. Computer Fraud & Security, 2015(7), 917. https://doi.org/10.1016/S1361-3723(15)30066-X</p><p></p><p>Ahmadian, M., Plochan, F., Roessler, Z., & Marinescu, D. C. (2017). SecureNoSQL: An approach for secure search of encrypted NoSQL databases in the public cloud. International Journal of Information Management, 37(2), 6374. https://doi.org/10.1016/j.ijinfomgt.2016.11.005</p><p></p><p>Albrechtsen, E., & Hovden, J. (2009). The information security digital divide between information security managers and users. Computers and Security, 28, 6 (2009), 476490.</p><p></p><p>Ali, M., Dhamotharan, R., Khan, E., Khan, S. U., Vasilakos, A. V., Li, K., & Zomaya, A. Y. (2017). SeDaSC: Secure Data Sharing in Clouds. IEEE Systems Journal, 11(2), 395404. https://doi.org/10.1109/JSYST.2014.2379646</p><p></p><p>AlKilani, H., Nasereddin, M., Hadi, A., & Tedmori, S. (2019). Data Exfiltration Techniques and Data Loss Prevention System. 2019 International Arab Conference on Information Technology (ACIT), 124127. https://doi.org/10.1109/ACIT47987.2019.8991131</p><p></p><p>Allen, M. D., Chapman, A., Seligman, L., & Blaustein, B. (2011). Provenance for Collaboration: Detecting Suspicious Behaviors and Assessing Trust in Information. Proceedings of the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing. 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing, Orlando, United States. https://doi.org/10.4108/icst.collaboratecom.2011.247131</p><p></p><p>Althebyan, Q., Mohawesh, R., Yaseen, Q., & Jararweh, Y. (2015). Mitigating insider threats in a cloud using a knowledgebase approach while maintaining data availability. 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), 226231. https://doi.org/10.1109/ICITST.2015.7412094</p><p></p><p>Althebyan, Q., & Panda, B. (2007). A Knowledge-Base Model for Insider Threat Prediction. 2007 IEEE SMC Information Assurance and Security Workshop, 239246. https://doi.org/10.1109/IAW.2007.381939</p><p></p><p>Al-Mhiqani, M. N., Ahmad, R., Zainal Abidin, Z., Yassin, W., Hassan, A., Abdulkareem,K. H., Ali, N. S., & Yunos, Z. (2020). A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations. Applied Sciences, 10(15), 5208. https://doi.org/10.3390/app10155208</p><p></p><p>Al-Omari, A., Deokar, A., El-Gayar, O., Walters, J., & Aleassa, H. (2013). Information Security Policy Compliance: An Empirical Study of Ethical Ideology. 2013 46th Hawaii International Conference on System Sciences, 30183027. https://doi.org/10.1109/HICSS.2013.272</p><p></p><p>Ambre, A., & Shekokar, N. (2015). Insider Threat Detection Using Log Analysis and Event Correlation. Procedia Computer Science, 45, 436445. https://doi.org/10.1016/j.procs.2015.03.175</p><p></p><p>Ashwin Kumar, T. K., Liu, H., Thomas, J. P., & Hou, X. (2017). Content sensitivity based access control framework for Hadoop. Digital Communications and Networks, 3(4), 213225. https://doi.org/10.1016/j.dcan.2017.07.007</p><p></p><p>Atkinson, P., & Hammersley, M. (1994). "Ethnographyand participant observation," Handbook of qualitative research. Thou-sand Oaks, CA: Sage.</p><p></p><p>Axelrad, E. T., Sticha, P. J., Brdiczka, O., & Jianqiang Shen. (2013). A Bayesian Network Model for Predicting Insider Threats. 2013 IEEE Security and Privacy Workshops, 8289. https://doi.org/10.1109/SPW.2013.35</p><p></p><p>Ayday, E., & Fekri, F. (2010). A protocol for data availability in Mobile Ad-Hoc Networks in the presence of insider attacks. Ad Hoc Networks, 8(2), 181192. https://doi.org/10.1016/j.adhoc.2009.07.001</p><p></p><p>Ajzen, I. (1988). Attitudes, personality, and behavior. Chicago: Dorsey Press.</p><p></p><p>Ajzen, I., IQ Driver, B. E. (in press, a). Application of the theory of planned behavior to leisure choice. Journal of Leisure Research.</p><p></p><p>Ajzen, I., & Driver, B. L. (in press, b.) Prediction of leisure participation from behavioral, normative, and control beliefs: An application of the theory of planned behavior. Journal of Leisure Sciences.</p><p></p><p>Ajzen, I. (1991). The Theory of Planned Behavior. Organizational Behavior and Human Decision Processes 50, 179-211 (1991)</p><p></p><p>Azaria, A., Richardson, A., Kraus, S., & Subrahmanian, V. S. (2014). Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data. IEEE Transactions on Computational Social Systems, 1(2), 135155. https://doi.org/10.1109/TCSS.2014.2377811</p><p></p><p>Bandura, A. (1982). Self-efficacy mechanism in human agency. American Psychologist, 37(2), 122147. https://doi.org/10.1037/0003-066X.37.2.122</p><p></p><p>Babin, B.J. and Boles, J.S. (1996), The effects of perceived co-worker involvement and supervisor support on service provider role stress, performance, and job satisfaction, Journal of Retailing, Vol. 72 No. 1, pp. 57-75.</p><p></p><p>Babu, B. M., & Bhanu, M. S. (2015). Prevention of Insider Attacks by Integrating Behavior Analysis with Risk based Access Control Model to Protect Cloud. Procedia Computer Science, 54, 157166. https://doi.org/10.1016/j.procs.2015.06.018</p><p></p><p>Bachman, R., Paternoster, R., & Ward, S. (1992). The rationality of sexual offending: Testing a deterrence/rational choice conception of sexual assault. Law and Society Review, 26, 343-372.</p><p></p><p>Bae, K., You, I., Yim, K., & Son, T. (2012). A Secure Secondary Backup Storage with an Isolated Authentication. 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, 122125. https://doi.org/10.1109/IMIS.2012.195</p><p></p><p>Bagozzi, R. P., Yi, Y., & Phillips, L. W. (1991). "Assessing construct validity in organizational research," Administrative science quarterly (36:3), pp 421-458.</p><p></p><p>BaMaung, D., McIlhatton, D., MacDonald, M., & Beattie, R. (2018). The Enemy Within? The Connection between Insider Threat and Terrorism. Studies in Conflict & Terrorism, 41(2), 133150. https://doi.org/10.1080/1057610X.2016.1249776</p><p></p><p>Baugh, S.G. and Roberts, R.M. (1994), Professional and organizational commitment among engineer: conflicting or complementary?, IEEE Transactions on Engineering Management, Vol. 41 No. 2, pp. 108-14.</p><p></p><p>Beharelle, A. R., & Small, S. L. (2016). Imaging Brain Networks for Language. In Neurobiology of Language (pp. 805814). Elsevier. https://doi.org/10.1016/B978-0-12-407794-2.00064-XBhattacherjee, A. (2012). "Social Science Research: principles, methods, and practices," USF Tampa Bay Open Access Textbooks Collection. Book 3. http://scholarcommons.usf.edu/oa_textbooks/3.</p><p></p><p>Bhagat, R. S. and Beehr, T. A. (1984). An evaluative summary and recommendations for future research. In: Beehr, T. A. and Bhagat, R. S. (Eds) Human Stress and Cognition in Organizations: An Integrated Perspective, John Wiley Interscience, New York.</p><p></p><p>Bishop, M., Conboy, H. M., Huong Phan, Simidchieva, B. I., Avrunin, G. S., Clarke, L. A., Osterweil, L. J., & Peisert, S. (2014). Insider Threat Identification by Process Analysis. 2014 IEEE Security and Privacy Workshops, 251264. https://doi.org/10.1109/SPW.2014.40</p><p></p><p>Bishop, M., Gates, C., Frincke, D., & Greitzer, F. L. (2009). AZALIA: An A to Z assessment of the likelihood of insider attack. 2009 IEEE Conference on Technologies for Homeland Security, 385392. https://doi.org/10.1109/THS.2009.5168063</p><p></p><p>Blasco, J., Hernandez-Castro, J. C., Tapiador, J. E., & Ribagorda, A. (2012). Bypassing information leakage protection with trusted applications. Computers & Security, 31(4), 557568. https://doi.org/10.1016/j.cose.2012.01.008</p><p></p><p>Block, L. G. & Keller, P. A. (1995). When to accentuate the negative: The effects of perceived efficacy and message framing on intentions to perform a health-related behavior. Journal of Marketing Research, 32, 2 (1995), 192-203.</p><p></p><p>Bockarjova, M., & Steg, L. (2014). Can Protection Motivation Theory predict pro-environmental behavior? Explaining the adoption of electric vehicles in the Netherlands. Global Environmental Change, 28, 276288. https://doi.org/10.1016/j.gloenvcha.2014.06.010</p><p></p><p>Brodsky, A., Farkas, C., & Jajodia, S. (2000). Secure databases: Constraints, inference channels, and monitoring disclosures. IEEE Transactions on Knowledge and Data Engineering, 12(6), 900919. https://doi.org/10.1109/69.895801</p><p></p><p>Brehmer, B. (1987). Note of the subjects' hypotheses in multiple-cue probability learning. organizational Behaviour and Human Decision processes, 40, 323-329</p><p></p><p>Brown, C. R., Watkins, A., & Greitzer, F. L. (2013). Predicting Insider Threat Risks through Linguistic Analysis of Electronic Communication. 2013 46th HawaiiInternational Conference on System Sciences, 18491858. https://doi.org/10.1109/HICSS.2013.453</p><p></p><p>Burdon, M., Siganto, J., & Coles-Kemp, L. (2016). The regulatory challenges of Australian information security practice. Computer Law & Security Review, 32(4), 623633. https://doi.org/10.1016/j.clsr.2016.05.004</p><p></p><p>Burns, A. J., Posey, C., Roberts, T. L., & Benjamin Lowry, P. (2017). Examining the relationship of organizational insiders psychological capital with information security threat and coping appraisals. Computers in Human Behavior, 68, 190209. https://doi.org/10.1016/j.chb.2016.11.018</p><p></p><p>Brunswik, E. (1943). Organismic achievement and environmental probability. Psychological Review, 50, 255-272</p><p></p><p>Brunswik, E. (1956). Perception and the representative design of psychological experiments. Berkeley, Calif, : University of California Press</p><p></p><p>Bryman, A., & Bell, E. (2011). Business Research Methods 3e, Oxford university press.</p><p></p><p>Bryman, A., & Cramer, D. (2009). Quantitative data analysis with SPSS 14, 15 and 16: A guide for social scientists, Routledge New York, NY.</p><p></p><p>Carroll, M. D. (2006). Information security: Examining and managing the insider threat. Proceedings of the 3rd Annual Conference on Information Security Curriculum Development - InfoSecCD 06, 156. https://doi.org/10.1145/1231047.1231082</p><p></p><p>Cattell, R. (2012). The scientific use of factor analysis in behavioral and life sciences, Springer Science & Business Media</p><p></p><p>Cavana, R. Y., Delahaye, B. L., & Sekaran, U. (2001). Applied Business Research: Qualitative and Quantitative Methods (1st ed.). US & Australia: John Wiley & Sons Australia, Ltd</p><p></p><p>Chagarlamudi, M., Panda, B., & Hu, Y. (2009). Insider Threat in Database Systems: Preventing Malicious Users Activities in Databases. 2009 Sixth International Conference on Information Technology: New Generations, 16161620. https://doi.org/10.1109/ITNG.2009.67</p><p></p><p>Chandel, S., Yu, S., Yitian, T., Zhili, Z., & Yusheng, H. (2019). Endpoint Protection: Measuring the Effectiveness of Remediation Technologies and Methodologies for Insider Threat. 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 8189. https://doi.org/10.1109/CyberC.2019.00023</p><p></p><p>Charmaz, K. (2000). Grounded theory: Objectivist and constructivist methods. In N. K. Denzin & Y. S. Lincoln (Eds.), Handbook of qualitative research (2nd ed., pp. 509-536). Thousand Oaks, CA: Sage.</p><p></p><p>Chattopadhyay, P., Wang, L., & Tan, Y.-P. (2018). Scenario-Based Insider Threat Detection From Cyber Activities. IEEE Transactions on Computational Social Systems, 5(3), 660675. https://doi.org/10.1109/TCSS.2018.2857473</p><p></p><p>Chen, Y., Nyemba, S., Zhang, W., & Malin, B. (2011). Leveraging social networks to detect anomalous insider actions in collaborative environments. Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics, 119124. https://doi.org/10.1109/ISI.2011.5984061</p><p></p><p>Choi, J.N. (2007). Change oriented organizational citizenship behavior: Effects of work environment characteristics and intervening psychological processes. Journal of Organizational Behavior, 28, 4 (2007), 467484.</p><p></p><p>Chung, S. H., Schwager, P. H., & Turner, D. E. (2002) "An Empirical Study of Students' Computer Self-Efficacy: Differences among Four Academic Disciplines at a Large University," The Journal of Computer Information Systems (42:4) 2002, pp. 1-6.</p><p></p><p>hurchill Jr, G. A. (1979). "A paradigm for developing better measures of marketing constructs," Journal of Marketing Research (16:1), pp 64-73.</p><p></p><p>C. I. T. Team, Unintentional insider threats: A review of phishing and malware incidents by economic sector, https://resources.sei.cmu.edu/asset_files/TechnicalNote/2014_004_001_297777.pdf, 2014, (Accessed on 11/06/2017)</p><p></p><p>Ciriani, V., Vimercati, S. D. C. di, Foresti, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2009). Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases. 2009 29th IEEE International Conference on Distributed Computing Systems, 3239. https://doi.org/10.1109/ICDCS.2009.52</p><p></p><p>Ciriani, V., Vimercati, S. D. C. D., Foresti, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2010). Combining fragmentation and encryption to protect privacy in data storage. ACM Transactions on Information and System Security, 13(3), 133. https://doi.org/10.1145/1805974.1805978</p><p></p><p>Claycomb, W. R., Huth, C. L., Phillips, B., Flynn, L., & McIntire, D. (2013). Identifying indicators of insider threats: Insider IT sabotage. 2013 47th International Carnahan Conference on Security Technology (ICCST), 15. https://doi.org/10.1109/CCST.2013.6922038</p><p></p><p>Cohen, J. 1960. A coeffisient for agreement for nominal scales. Educational danPsychological Measurement, 37-46.</p><p></p><p>Compeau, D., Higgins, C. A., & Huff, S. (1999). "Social Cognitive Theory and Individual Reactions to Computing Technology: A Longitudinal Study," MIS Quarterly (23:2) 1999, pp. 145-158.</p><p></p><p>Compeau, D. R., & Higgins, C. A. (1995). "Application of Social Cognitive Theory to Training for Computer Skills," Information Systems Research (6:2) 1995, pp. 118-143.</p><p></p><p>Cost of Insider Threats Global Report, Observer IT. 2020. Available online: https://www.observeit.com/costof-insider-threats (accessed on 25 June 2020</p><p></p><p>Creswell, J. W. (2009). Research design: Qualitative, quantitative, and mixed methods approaches, Sage.</p><p></p><p>Cronbach, L. J., & Meehl, P. E. (1955). "Construct validity in psychological tests," Psychological bulletin (52:4), p 281.</p><p></p><p>Crossler, R., & Blanger, F. (2014). An Extended Perspective on Individual Security Behaviors: Protection Motivation Theory and a Unified Security Practices (USP) Instrument. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 45(4), 5171. https://doi.org/10.1145/2691517.2691521</p><p></p><p>Daly, A. (2018). The introduction of data breach notification legislation in Australia: A comparative view. Computer Law & Security Review, 34(3), 477495. https://doi.org/10.1016/j.clsr.2018.01.005</p><p></p><p>Damm, W. & Harel, D. (2001). LSCs: Breathing life into message sequence charts. J. on Formal Methods in System Design, 19(1):4580, 2001.</p><p></p><p>De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Livraga, G., Paraboschi, S., & Samarati, P. (2014). Fragmentation in Presence of Data Dependencies. IEEE Transactions on Dependable and Secure Computing, 11(6), 510523. https://doi.org/10.1109/TDSC.2013.2295798</p><p></p><p>Devellis, R. F. (2003). Scale Development: Theory and Applications Second Edition SAGE.</p><p></p><p>Di Vimercati, S. D. C., Foresti, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2008). Controlled Information Sharing in Collaborative Distributed Query Processing. 2008 The 28th International Conference on Distributed Computing Systems, 303310. https://doi.org/10.1109/ICDCS.2008.62</p><p></p><p>Dey, I. (1999).Grounding grounded theory: Guidelines for qualitative inquiry. San Diego, CA: Academic Press.</p><p></p><p>Dia, O. A., & Farkas, C. (2015). Risk Aware Query Replacement Approach for Secure Databases Performance Management. IEEE Transactions on Dependable and Secure Computing, 12(2), 217229. https://doi.org/10.1109/TDSC.2014.2306675</p><p></p><p>Diamantopoulos, A., & Winklhofer, H. M. (2001). "Index construction with formative indicators: An alternative to scale development," Journal of marketing research (38:2), pp 269-277.</p><p></p><p>Dietzel, S., Petit, J., Heijenk, G., & Kargl, F. (2013). Graph-Based Metrics for Insider Attack Detection in VANET Multihop Data Dissemination Protocols. IEEETransactions on Vehicular Technology, 62(4), 15051518. https://doi.org/10.1109/TVT.2012.2236117</p><p></p><p>Domingo-Ferrer, J., Farrs, O., Ribes-Gonzlez, J., & Snchez, D. (2019). Privacy-preserving cloud computing on sensitive data: A survey of methods, products and challenges. Computer Communications, 140141, 3860. https://doi.org/10.1016/j.comcom.2019.04.011</p><p></p><p>Dou, Z., Khalil, I., Khreishah, A., & Al-Fuqaha, A. (2018). Robust Insider Attacks Countermeasure for Hadoop: Design and Implementation. IEEE Systems Journal, 12(2), 18741885. https://doi.org/10.1109/JSYST.2017.2669908</p><p></p><p>Dunkerley, K. D., & Tejay, G. (2011). A Confirmatory Analysis of Information Systems Security Success Factors. 2011 44th Hawaii International Conference on System Sciences, 110. https://doi.org/10.1109/HICSS.2011.5</p><p></p><p>Dommeyer, C.J., P., Baum, K. Chapman, and R.W. Hanna, 2002. Attitudes of business faculty towards two methods of collecting teaching evaluations: paper vs. online. Assessment and Evaluation in Higher Education 27, no. 5: 455462</p><p></p><p>Downs, C.W., Downs, A., Potvin, T., Varona, F., Gribas, J.S. and Ticehurst, W. (1995),A cross-cultural comparison of relationships between organizational commitment and organizational communication, paper presented at the International Communication Association Convention, Albuquerque, New Mexico, May.</p><p></p><p>Eassey, J. M., & Boman, J. H. (2015). Deterrence Theory. In W. G. Jennings (Ed.), The Encyclopedia of Crime and Punishment (pp. 16). John Wiley & Sons, Inc. https://doi.org/10.1002/9781118519639.wbecpx115</p><p></p><p>Elmrabit, N., Yang, S.-H., & Yang, L. (2015). Insider threats in information security categories and approaches. 2015 21st International Conference on Automation and Computing (ICAC), 16. https://doi.org/10.1109/IConAC.2015.7313979</p><p></p><p>Far, S. B., & Alagheband, M. R. (2018). Analysis and Improvement of a Lightweight Anonymous Authentication Protocol for Mobile Pay-TV Systems. 2018 9th International Symposium on Telecommunications (IST), 466473. https://doi.org/10.1109/ISTEL.2018.8661064</p><p></p><p>Farkas, C., Brodsky, A., & Jajodia, S. (2006). Unauthorized inferences in semistructured databases. Information Sciences, 176(22), 32693299. https://doi.org/10.1016/j.ins.2006.01.004</p><p></p><p>Fleiss, J. L. (1971) "Measuring nominal scale agreement among many raters." Psychological Bulletin, Vol. 76, No. 5 pp. 378382</p><p></p><p>Fleiss, J. L. (1981) Statistical methods for rates and proportions. 2nd ed. (New York: John Wiley) pp. 3846</p><p></p><p>Floyd, D. L., Prentice-Dunn, S., & Rogers, R. W. (2000). A Meta-Analysis of Research on Protection Motivation Theory. Journal of Applied Social Psychology, 30(2), 407429. https://doi.org/10.1111/j.1559-1816.2000.tb02323.x</p><p></p><p>Flynn, L., Huth, C., Trzeciak, R., & Buttles, P. (2012). Best practices against insider threats for all nations. 2012 Third Worldwide Cybersecurity Summit (WCS), 18. https://doi.org/10.1109/WCS.2012.6780874</p><p></p><p>Folkman, S., Lazarus, R. S., Dunkel-Schetter, C., DeLongis, A., & Gruen, R. J. (1986). Dynamics of a stressful encounter: Cognitive appraisal, coping, and encounter outcomes. Journal of Personality and Social Psychology, 50(5), 992-1003</p><p></p><p>Fornell, C., & Larcker, D. F. (1981). "Evaluating structural equation models with unobservable variables and measurement error," Journal of marketing research, pp 39-50.</p><p></p><p>Fralicx, R.D. and Bolster, C.J. (1997), ``Commentary preventing culture shock: organizations' harmonious blend of values, styles is key to long-term merger success'',Modern Healthcare, pp. 48-59.</p><p></p><p>Frank, J. C., Frank, S. M., Thurlow, L. A., Kroeger, T. M., Miller, E. L., & Long, D. D. E. (2015). Percival: A searchable secret-split datastore. 2015 31st Symposium on Mass Storage Systems and Technologies (MSST), 112. https://doi.org/10.1109/MSST.2015.7208296</p><p></p><p>Franqueira, V. N. L., Cleeff, A. van, Eck, P. van, & Wieringa, R. (2010). External Insider Threat: A Real Security Challenge in Enterprise Value Webs. 2010 InternationalConference on Availability, Reliability and Security, 446453. https://doi.org/10.1109/ARES.2010.40</p><p></p><p>Fridman, L., Weber, S., Greenstadt, R., & Kam, M. (2017). Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location. IEEE Systems Journal, 11(2), 513521. https://doi.org/10.1109/JSYST.2015.2472579</p><p></p><p>Froehle, C. M., & Roth, A. V. (2004). "New measurement scales for evaluating perceptions of the technology-mediated customer service experience," Journal of Operations Management (22:1), pp 1-21.</p><p></p><p>Fyffe, G. (2008). Addressing the insider threat. Network Security, 2008(3), 1114. https://doi.org/10.1016/S1353-4858(08)70031-X</p><p></p><p>Gable, G. G. (1994). "Integrating case study and survey research methods: an example in information systems," European Journal of Information Systems (3:2), pp 112-126.</p><p></p><p>Garfinkel, R., Gopal, R., & Rice, D. (2006). New Approaches to Disclosure Limitation While Answering Queries to a Database: Protecting Numerical Confidential Data against Insider Threat Based on Data or Algorithms. Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS06), 125a125a. https://doi.org/10.1109/HICSS.2006.359</p><p></p><p>Garfinkel, Robert, Gopal, R., & Goes, P. (2002). Privacy Protection of Binary Confidential Data Against Deterministic, Stochastic, and Insider Threat. Management Science, 48(6), 749764. https://doi.org/10.1287/mnsc.48.6.749.193</p><p></p><p>Garner, B. A. Blacks Law Dictionary, Seventh Edition. St. Paul, MN: West Group, 1999</p><p></p><p>Gaseb, A., Nathan, C., Fudong, L., & Furnell, S. (2018). The Current Situation of Insider Threats Detection: An Investigative Review. 2018 21st Saudi Computer Society National Computer Conference (NCC), 17. https://doi.org/10.1109/NCG.2018.8592986</p><p></p><p>Glaser, B. G., & Strauss, A. L. (1967).Discovery of grounded theory: Strategies for qualitative research. Chicago: Aldine.</p><p></p><p>Glasser, J., & Lindauer, B. (2013). Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data. 2013 IEEE Security and Privacy Workshops, 98104. https://doi.org/10.1109/SPW.2013.37</p><p></p><p>Goodman.S.N. (1993). P Values, Hypothesis Tests, and Likelihood: Implications for Epidemiology of a Neglected Historical Debate. American Journal of Epidemiology. Volume (137), Number 5.</p><p></p><p>Goryczka, S., Xiong, L., & Fung, B. C. M. (2014). \(m\) -Privacy for Collaborative Data Publishing. IEEE Transactions on Knowledge and Data Engineering, 26(10), 25202533. https://doi.org/10.1109/TKDE.2013.18</p><p></p><p>Graen, G. Instrumentality Theory of work motivation: Some experimental results and suggested modifications. Journal of Applied Psychology Monograph, 1969, 53, 1-25.</p><p></p><p>Green D.M., Swets, J.A. (1966). Signal detection theory and psychophysics. New York Wiley.</p><p></p><p>Greitzer, F. L., & Ferryman, T. A. (2013). Methods and Metrics for Evaluating Analytic Insider Threat Tools. 2013 IEEE Security and Privacy Workshops, 9097. https://doi.org/10.1109/SPW.2013.34</p><p></p><p>Greitzer, F. L., Strozer, J., Cohen, S., Bergey, J., Cowley, J., Moore, A., & Mundie, D. (2014). Unintentional Insider Threat: Contributing Factors, Observables, and Mitigation Strategies. 2014 47th Hawaii International Conference on System Sciences, 20252034. https://doi.org/10.1109/HICSS.2014.256</p><p></p><p>Guo, H., Li, Y., Liu, A., & Jajodia, S. (2006). A fragile watermarking scheme for detecting malicious modifications of database relations. Information Sciences, 176(10), 13501378. https://doi.org/10.1016/j.ins.2005.06.003</p><p></p><p>Gupta, R., Tanwar, S., Tyagi, S., & Kumar, N. (2020). Machine Learning Models for Secure Data Analytics: A taxonomy and threat model. Computer Communications, 153, 406440. https://doi.org/10.1016/j.comcom.2020.02.008</p><p></p><p>Guri, M., Puzis, R., Choo, K.-K. R., Rubinshtein, S., Kedma, G., & Elovici, Y. (2019). Using malware for the greater good: Mitigating data leakage. Journal of Network and Computer Applications, 145, 10240https://doi.org/10.1016/j.jnca.2019.07.006</p><p></p><p>Grasmick, H. G., & Bursik, R. J. (1990). Conscience, significant others, and rational choice:Extending the deterrence model. Law & Society Review, 24, 837-861.</p><p></p><p>Grasmick, H. G., Bursik, R. J., & Kinsey, K. A. (1991). Shame and embarrassment as deterrents to noncompliance with the law: The case of an antilittering campaign. Environment & Behavior, 23, 233-251.</p><p></p><p>Grasmick, H. G., Tittle, C. R., Bursik, R. J., & Arneklev, B. J. (1993). Testing the core empirical implications of Gottfredson and Hirschi's general theory of crime. Journal of Research in Crime and Delinquency, 30, 5-29.</p><p></p><p>Hammond, K. R. & Joyce, C. R. B. (Eds.). (1975). Psychoactive drugs and social judgment. New York: Wiley Interscience.</p><p></p><p>Harel, D. & Marelly, R. (2003). Come, Lets Play: Scenario-Based Programming Using LSCs and the Play-Engine. Springer, 2003.</p><p></p><p>Hass, J. Bagley,G. & Rogers R. (1975). Coping with the energy crisis: effects of fear appeals upon attitudes toward energy consumption, The Journal of Applied Psychology 60 (1975) 754756.</p><p></p><p>Heneman H. G., & Schwab, D. P. Evaluation of research on expectancy theory prediction of employee performance. Psychological Bulletin, 1972, 78, 1-9.</p><p></p><p>Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of InformatioSystems, 18(2), 106125. https://doi.org/10.1057/ejis.2009.6</p><p></p><p>Higgins, G. E. , Wilson, A. L., & Fell, B. D. (2005). An Application of Deterrence Theory to Software Piracy Journal of Criminal Justice and Popular Culture, 12 (3), 166-184.</p><p></p><p>Hines, C., & Youssef, A. (2019). Class Balancing for Fraud Detection in Point Of Sale Systems. 2019 IEEE International Conference on Big Data (Big Data), 47304739. https://doi.org/10.1109/BigData47090.2019.9006040</p><p></p><p>Hinkin, T. R., & Schriesheim, C. A. (1989). "Development and application of new scales to measure the French and Raven (1959) bases of social power," Journal of Applied Psychology (74:4), p 561.</p><p></p><p>Ho, S. M., Hancock, J. T., Booth, C., Burmester, M., Liu, X., & Timmarajus, S. S. (2016). Demystifying Insider Threat: Language-Action Cues in Group Dynamics. 2016 49th Hawaii International Conference on System Sciences (HICSS), 27292738. https://doi.org/10.1109/HICSS.2016.343</p><p></p><p>Homoliak, I., Toffalini, F., Guarnizo, J., Elovici, Y., & Ochoa, M. (2019). Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures. ACM Computing Surveys, 52(2), 140. https://doi.org/10.1145/3303771</p><p></p><p>Honeycutt, E.D., Karade, K., Attia, A. and Maurer, S.D. (2001), A utility based framework for evaluating the financial impact of sales force training programs, Journal of Personal Selling & Sales Management, Vol. 21, pp. 229-38.</p><p></p><p>Hsieh, C.-H., Lai, C.-M., Mao, C.-H., Kao, T.-C., & Lee, K.-C. (2015). AD2: Anomaly detection on active directory log data for insider threat monitoring. 2015 International Carnahan Conference on Security Technology (ICCST), 287292. https://doi.org/10.1109/CCST.2015.7389698</p><p></p><p>Hu, Y., Frank, C., Walden, J., Crawford, E., & Kasturiratna, D. (2011). Profiling file repository access patterns for identifying data exfiltration activities. 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), 122128. https://doi.org/10.1109/CICYBS.2011.5949404</p><p></p><p>Huang, X., Madoc, A. C., Sharma, D., & Farooq, N. (2007). Pseudo Random Binary Protecting On-line Data Communications against Insider Threat. The 9th International Conference on Advanced Communication Technology, 13471352. https://doi.org/10.1109/ICACT.2007.358607</p><p></p><p>Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. Information Security Technical Report, 13(4), 247255. https://doi.org/10.1016/j.istr.2008.10.010</p><p></p><p>Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 8395. https://doi.org/10.1016/j.cose.2011.10.007</p><p></p><p>Ismail, W. B. W., & Yusof, M. (2018). Mitigation Strategies for Unintentional Insider Threats on Information Leaks. International Journal of Security and Its Applications, 12(1), 3746. https://doi.org/10.14257/ijsia.2018.12.1.03</p><p></p><p>Janmaimool, P. (2017). Application of Protection Motivation Theory to Investigate Sustainable Waste Management Behaviors. Sustainability, 9(7), 1079. https://doi.org/10.3390/su9071079</p><p></p><p>Jiang, J., Chen, J., Choo, K.-K. R., Liu, K., Liu, C., Yu, M., & Mohapatra, P. (2018). Prediction and Detection of Malicious Insiders Motivation Based on Sentiment Profile on Webpages and Emails. MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), 16. https://doi.org/10.1109/MILCOM.2018.8599790</p><p></p><p>Jiang, S., Smith, S., & Minami, K. (2001). Securing Web servers against insider attack. Seventeenth Annual Computer Security Applications Conference, 265276. https://doi.org/10.1109/ACSAC.2001.991542</p><p></p><p>Johnston & Warkentin. (2010). Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly, 34(3), 549. https://doi.org/10.2307/25750691</p><p></p><p>Jones, G. R. (1983). Psychological orientation and the process of organizational socialization: An interactionist perspective, Academy of Management Review, 8,464474.</p><p></p><p>Kammuller, F., & Probst, C. W. (2014). Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis. 2014 IEEE Security and Privacy Workshops, 229235. https://doi.org/10.1109/SPW.2014.45</p><p></p><p>Katz, R. (1978). Job longetivity as a situational factor in job satisfaction, Administrative Science Quarterly, 23, 204-223.</p><p></p><p>Kelly, R. F., & Anderson, T. S. (2016). A vector relational data modeling approach to Insider threat intelligence (M. A. Kolodny & T. Pham, Eds.; p. 98310W). https://doi.org/10.1117/12.2224299</p><p></p><p>Killourhy, K. S., & Maxion, R. A. (2007). Toward Realistic and Artifact-Free Insider-Threat Data. Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), 8796. https://doi.org/10.1109/ACSAC.2007.31</p><p></p><p>Kohlberg, L. (1969). Stage and sequence: The cognitive-developmen tal approach to socialization. In D. A. Goslin (Ed.), Handbook of socialization theory and research (pp. 347-480). Chicago: Rand McNally.</p><p></p><p>Kramer, M.W. (1999), Motivation to reduce uncertainty: a reconceptualization of uncertainty reduction theory, Management Communication Quarterly, Vol. 13 No. 2, pp. 305-16.</p><p></p><p>Kroeger, T. M., Frank, J. C., & Miller, E. L. (2013). The case for distributed data archival using secret splitting with Percival. 2013 6th International Symposium on Resilient Control Systems (ISRCS), 204209. https://doi.org/10.1109/ISRCS.2013.6623777</p><p></p><p>Kumar, P. R., Raj, P. H., & Jelciana, P. (2018). Exploring Data Security Issues and Solutions in Cloud Computing. Procedia Computer Science, 125, 691697. https://doi.org/10.1016/j.procs.2017.12.089</p><p></p><p>Kumari, A., Tanwar, S., Tyagi, S., Kumar, N., Parizi, R. M., & Choo, K.-K. R. (2019). Fog data analytics: A taxonomy and process model. Journal of Network and Computer Applications, 128, 90104. https://doi.org/10.1016/j.jnca.2018.12.013</p><p></p><p>Latane, B., & Darley, J. M. (1970). The unresponsive bystander: Why doesn't he help?. New \brk: Appleton-Century-Crofts.</p><p></p><p>Lam, J. C. Y., & Lee, M. K. O. (2006). "Digital Inclusiveness - Longitudinal Study of Internet Adoption by Older Adults," Journal of Management Information Systems (22:4) 2006, pp. 177-206.</p><p></p><p>Lawler, E. E. A Correlational-Causal Analysis of The Relationship Between Expectancy Attitudes And Job Performance. Journal O] Applied Psychology, 1968, 52, 462-468.</p><p></p><p>Lawler, E. E. Pay and Organizational Effectiveness: A Psychological View. New York: Mcgraw-Hill, 1971.</p><p></p><p>Lawler, E. E., Porter, L. W. Antecedent Attitudes of Effective Managerial Performance. Organizational Behavior and Human Performance, 1967, 2, 122-142.</p><p></p><p>Lawler, E- E., & Svttle, J. L. A causal correlational test of the need hierarchy concept. Organizational Behavior and Human Performance, 1972, 7, 265-287.</p><p></p><p>Le, M., Kant, K., & Jajodia, S. (2014). Consistency and enforcement of access rules in cooperative data sharing environment. Computers & Security, 41, 318. https://doi.org/10.1016/j.cose.2013.08.011</p><p></p><p>Lee, Y. (2011). Understanding anti-plagiarism software adoption: An extended protection motivation theory perspective. Decision Support Systems, 50(2), 361369. https://doi.org/10.1016/j.dss.2010.07.009</p><p></p><p>Leu, F.-Y., Tsai, K.-L., Hsiao, Y.-T., & Yang, C.-T. (2017). An Internal Intrusion Detection and Protection System by Using Data Mining and Forensic Techniques. IEEE Systems Journal, 11(2), 427438. https://doi.org/10.1109/JSYST.2015.2418434</p><p></p><p>Leventhal, H. (1970). Findings and theory in the study of fear communications. Advances in Experimental Social Psychology, 5(1970), 119-186.</p><p></p><p>Liu, A., Martin, C., Hetherington, T., & Matzner, S. (2005). A comparison of system call feature representations for insider threat detection. Proceedings from the Sixth Annual IEEE Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005., 340347. https://doi.org/10.1109/IAW.2005.1495972</p><p></p><p>Liu, L., De Vel, O., Chen, C., Zhang, J., & Xiang, Y. (2018). Anomaly-Based Insider Threat Detection Using Deep Autoencoders. 2018 IEEE International Conference on Data Mining Workshops (ICDMW), 3948. https://doi.org/10.1109/ICDMW.2018.00014</p><p></p><p>Lu, Y., Huang, X., Li, D., & Zhang, Y. (2018). Collaborative Graph-Based Mechanism for Distributed Big Data Leakage Prevention. 2018 IEEE Global Communications Conference (GLOBECOM), 17. https://doi.org/10.1109/GLOCOM.2018.8647746</p><p></p><p>MacKenzie, S. B., Podsakoff, P. M., & Podsakoff, N. P. (2011). "Construct measurement and validation procedures in MIS and behavioral research: integrating new and existing techniques," MIS Quarterly (35:2), pp 293-334.</p><p></p><p>Madden, T.J., Ellen, P.S., & Ajzen, I. (1992). A comparison of the Theory of Planned Behaviour and the Theory of Reasoned Action. PSPB, Vol 18 No1, February 1992 3-9</p><p></p><p>Magklaras, G. B., & Furnell, S. M. (2001). Insider Threat Prediction Tool: Evaluating the probability of IT misuse. Computers & Security, 21(1), 6273. https://doi.org/10.1016/S0167-4048(02)00109-8</p><p></p><p>Magklaras, G. B., & Furnell, S. M. (2005). A preliminary model of end user sophistication for insider threat prediction in IT systems. Computers & Security, 24(5), 371380. https://doi.org/10.1016/j.cose.2004.10.003</p><p></p><p>Maier, R. Psychology in Industry. Boston: Houghton-Mifflin, 1955. 2nd Ed.</p><p></p><p>Mandal, S., & Khan, D. A. (2019). A Dynamic Programming Approach to Secure User Image Data in Cloud Based ERP Systems. 2019 Fifth International Conference on Image Information Processing (ICIIP), 9196. https://doi.org/10.1109/ICIIP47207.2019.8985974</p><p></p><p>Mappus, R. L., & Briscoe, E. (2013). Layered behavioral trace modeling for threat detection. 2013 IEEE International Conference on Intelligence and Security Informatics, 173175. https://doi.org/10.1109/ISI.2013.6578813</p><p></p><p>Martin Fishbein (1974), "Factors Influencing Intentions and the Intention-Behavior Relation," Human Relations, 27 (January), 1-15.</p><p></p><p>Martin Fishbein (1977), "Attitude-Behavior Relations: A Theoretical Analysis and Review of Empirical Research," Psychological Bulletin, 84 (September),888-918.</p><p></p><p>Martin Fishbein (1980a), "Prediction of Goal Directed Behavior: Attitudes, Intentions, and Perceived Behavioral Control," Journal of Experimental Social Psychology, 22 (September), 453-474.</p><p></p><p>Martin Fishbein, eds. (1980b), Understanding Attitudes and Predicting Social Behavior, Englewood Cliffs, NJ: Prentice-Hall.</p><p></p><p>Martinez-Moyano, I. J., Samsa, M. E., Burke, J. F., & Akcam, B. K. (2008). Toward a Generic Model of Security in an Organizational Context: Exploring Insider Threats to Information Infrastructure. Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008), 267267. https://doi.org/10.1109/HICSS.2008.456</p><p></p><p>Maruyama GM (1998) Basics of structural equation modelling. SagePublications, Inc., California</p><p></p><p>Mayhew, M., Atighetchi, M., Adler, A., & Greenstadt, R. (2015). Use of machine learning in big data analytics for insider threat detection. MILCOM 2015 - 2015 IEEE Military Communications Conference, 915922. https://doi.org/10.1109/MILCOM.2015.7357562</p><p></p><p>Mekonnen, S., Padayachee, K., & Meshesha, M. (2015). A Privacy Preserving Context-Aware Insider Threat Prediction and Prevention Model Predicated on the Components of the Fraud Diamond. 2015 Annual Global Online Conference on Information and Computer Technology (GOCICT), 6065. https://doi.org/10.1109/GOCICT.2015.20</p><p></p><p>Menard, P., Bott, G. J., & Crossler, R. E. (2017). User Motivations in Protecting Information Security: Protection Motivation Theory Versus Self-Determination Theory. Journal of Management Information Systems, 34(4), 12031230. https://doi.org/10.1080/07421222.2017.1394083</p><p></p><p>Menard, P., Gatlin, R., & Warkentin, M. (2014). Threat Protection and Convenience: Antecedents of Cloud-Based Data Backup. Journal of Computer Information Systems, 55(1), 8391. https://doi.org/10.1080/08874417.2014.11645743</p><p></p><p>Mohania, M., Ananthanarayanan, R., & Gupta, A. (2007). Some issues in privacy data management. Data & Knowledge Engineering, 63(3), 591596. https://doi.org/10.1016/j.datak.2007.03.003</p><p></p><p>Milgram, S. (1963). Behavioral study of obedience. Journal of Abnormal and Social Psychology, 67, 371-378.</p><p></p><p>Mischel, W, & Mischel, H. N. (1976). A cognitive-social learning approach to socialization and self-regulation. In T. Lickona (Ed.),Moral development and behavior: Theory, research, and social issues. New York: Holt.</p><p></p><p>Mischel, W. (1968). Personality and assessment. New York: Wiley.</p><p></p><p>Moore, A. P., Kennedy, K. A., & Dover, T. J. (2016). Introduction to the special issue on insider threat modeling and simulation. Computational and Mathematical Organization Theory, 22(3), 261272. https://doi.org/10.1007/s10588-016-9210-8</p><p></p><p>Morovati, K., Kadam, S., & Ghorbani, A. (2016). A network based document management model to prevent data extrusion. Computers & Security, 59, 7191. https://doi.org/10.1016/j.cose.2016.02.003</p><p></p><p>Mrema, E., & Kumar, V. (2018). Fine Grained Attribute Based Access Control of Healthcare Data. 2018 12th International Symposium on Medical Information and Communication Technology (ISMICT), 15. https://doi.org/10.1109/ISMICT.2018.8573699</p><p></p><p>Munshi, A., Dell, P., & Armstrong, H. (2012). Insider Threat Behavior Factors: A Comparison of Theory with Reported Incidents. 2012 45th Hawaii International Conference on System Sciences, 24022411. https://doi.org/10.1109/HICSS.2012.326</p><p></p><p>Musa, A., Abubakar, A., Gimba, U. A., & Rasheed, R. A. (2019). An Investigation into Peer-to-Peer Network Security Using Wireshark. 2019 15th International Conference on Electronics, Computer and Computation (ICECCO), 16. https://doi.org/10.1109/ICECCO48375.2019.9043236</p><p></p><p>Nagin, D. S. (1998). Deterrence and incapacitation. In M. H. Tonry (Ed.), Handbook of crime and punishment (pp. 345-368). Oxford, United Kingdom: Oxford University Press.</p><p></p><p>Nagin, D. S., & Paternoster, R. (1991). The preventive effects of the perceived risk of arrest: Testing an expanded conception of deterrence. Criminology, 29, 561-587.</p><p></p><p>Nagin, D. S., & Paternoster, R. (1993). Enduring individual differences and rational choice theories of crime. Law & Society Review, 27, 467-496.</p><p></p><p>Nagin, D. S., & Pogarsky, G. (2003). An experimental investigation of deterrence: Cheating, self-servicing bias, and impulsivity. Criminology, 41, 167-193.</p><p></p><p>Nagin, D. S., & Pogarsky, G. (2004). Time and punishment: Delayed consequences and criminal behavior. Journal of Quantitative Criminology, 20, 295-318.</p><p></p><p>Newell, C. E., Rosenfeld, P., Harris, R. N., & Hindelang, R. L. (2004). "Reasons for nonresponse on U.S. Navy surveys: a closer look," Military Psychology (16:4), pp 265-276.</p><p></p><p>Ng, B.-Y. A. Kankanhalli, & Xu,Y.(2009). Studying users' computer security behavior: a health belief perspective, Decision Support Systems 46 (4) (2009) 815825.</p><p></p><p>Nithiyanandam, C., Tamilselvan, D., Balaji, S., & Sivaguru, V. (2012). Advanced framework of defense system for prevetion of insiders malicious behaviors. 2012 International Conference on Recent Trends in Information Technology, 434438. https://doi.org/10.1109/ICRTIT.2012.6206788</p><p></p><p>Novikova, E. S., Bekeneva, Y. A., Volkov, A. A., & Shorov, A. V. (2018). Approach for the analysis of the contacts of the critical infrastructure employees. 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus), 347350. https://doi.org/10.1109/EIConRus.2018.8317103</p><p></p><p>Nulty, Duncan D. The adequacy of response rates to online and paper surveys: what can be done? Assessment & Evaluation in Higher Education: Vol. 33, No. 3, June 2008, 301-314</p><p></p><p>Nunnally, J. C., Bernstein, I. H., & Berge, J. M. t. (1967). Psychometric theory, New York: McGraw Hill.</p><p></p><p>O'Brien, H. L., & Toms, E. G. (2009). "The development and evaluation of a survey to measure user engagement," Journal of the American Society for Information Science and Technology (61:1), pp 50-69</p><p></p><p>Padayachee, K. (2013). A conceptual opportunity-based framework to mitigate the insider threat. 2013 Information Security for South Africa, 18. https://doi.org/10.1109/ISSA.2013.6641060</p><p></p><p>Pagliari, R., Ghosh, A., Gottlieb, Y. M., Chadha, R., Vashist, A., & Hadynski, G. (2015). Insider attack detection using weak indicators over network flow data. MILCOM 2015 - 2015 IEEE Military Communications Conference, 16. https://doi.org/10.1109/MILCOM.2015.7357409</p><p></p><p>Park, S. (2019). Why information security law has been ineffective in addressing security vulnerabilities: Evidence from California data breach notifications and relevant court and government records. International Review of Law and Economics, 58, 132145. https://doi.org/10.1016/j.irle.2019.03.007</p><p></p><p>Park, S., Ahmad, A., & Ruighaver, A. B. (2010). Factors Influencing the Implementation of Information Systems Security Strategies in Organizations. 2010 International Conference on Information Science and Applications, 16. https://doi.org/10.1109/ICISA.2010.5480261</p><p></p><p>Parveen, P., Mcdaniel, N., Weger, Z., Evans, J., Thuraisingham, B., Hamlen, K., & Khan, L. (2013). Evolving Insider Threat Detection Stream Mining Perspective. International Journal on Artificial Intelligence Tools, 22(05), 1360013. https://doi.org/10.1142/S0218213013600130</p><p></p><p>Parveen, P., Weger, Z. R., Thuraisingham, B., Hamlen, K., & Khan, L. (2011). Supervised Learning for Insider Threat Detection Using Stream Mining. 2011 IEEE 23rd International Conference on Tools with Artificial Intelligence, 10321039. https://doi.org/10.1109/ICTAI.2011.176</p><p></p><p>Paternoster, R. (1987). The deterrent effect of the perceived certainty and severity of punishment: A review of the evidence and issues. Justice Quarterly, 4, 173-217.</p><p></p><p>Pechmann,C. Zhao,G. Goldberg,M.E. & Reibling, E.T. (2003). What to convey in antismoking advertisements for adolescents: the use of protection motivation theory to identify effective message theme, Journal of Marketing 67 (2003, April) 118.</p><p></p><p>Ponemon Institute, LLC. Security of Cloud Computing Providers Study. 2011. Available online: http://www.ca.com/~{}/media/Files/IndustryResearch/security-of-cloud-computingproviders-final-april-2011.pdf (accessed on 11 June 2020)</p><p></p><p>Pogarsky, G. (2002). Identifying deterrable offenders: Implications for research on deterrence. Justice Quarterly, 19, 431-453.</p><p></p><p>Porcedda, M. G. (2018). Patching the patchwork: Appraising the EU regulatory framework on cyber security breaches. Computer Law & Security Review, 34(5), 10771098. https://doi.org/10.1016/j.clsr.2018.04.009</p><p></p><p>Porter, L.W.; Steers, R.M.; Mowday, R.T.; & Boulian, P.V. (1974). Organizational commitment, job satisfaction, and turnover among psychiatric technicians. Journal of Applied Psychology, 59, 5 (1974), 603609.</p><p></p><p>Posey, C., Roberts, T. L., & Lowry, P. B. (2015). The Impact of Organizational Commitment on Insiders Motivation to Protect Organizational Information Assets. Journal of Management Information Systems, 32(4), 179214. https://doi.org/10.1080/07421222.2015.1138374</p><p></p><p>Price, J.L. (1997), Handbook of organizational measurement, International Journal of Manpower, Vol. 18 Nos 4/5/6, pp. 303-558.</p><p></p><p>Pritchett, P. and Pound, R. (1996), High Velocity Culture Change: A Handbook for Managers, Pritchett & Associates, Dallas, TX.</p><p></p><p>Privileged User Abuse & The Insider Threat. Ponemon Institute Research Report. May 2014. Available online: http://www.raytheoncyber.com/rtnwcm/groups/cyber/documents/content/rtn_257010.pdf (accessed on 11 June 2020)</p><p></p><p>Probst, C. W., & Hansen, R. R. (2009). Analysing Access Control Specifications. 2009 Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering, 2233. https://doi.org/10.1109/SADFE.2009.13</p><p></p><p>Putti, J.M., Aryee, S. and Phua, J. (1990), Communication relationship satisfaction and organizational commitment, Group & Organizational Studies, Vol. 15 No. 1, pp. 44-52.</p><p></p><p>Ragavan, H., & Panda, B. (2013). Mitigating Malicious Updates: Prevention of Insider Threat to Databases. 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 781788. https://doi.org/10.1109/TrustCom.2013.95</p><p></p><p>Ragit, S. M., & Badhiye, Sagar. S. (2016). Preserving privacy in collaborative data publishing from heterogeneity attack. 2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave), 14. https://doi.org/10.1109/STARTUP.2016.7583956</p><p></p><p>Ramachandran, R., Neelakantan, S., & Bidyarthy, A. S. (2011). Behavior model for detecting data exfiltration in network environment. 2011 IEEE 5th International Conference on Internet Multimedia Systems Architecture and Application, 15. https://doi.org/10.1109/IMSAA.2011.6156340</p><p></p><p>Randazzo, M. R., Keeney, M., Kowalski, E., Cappelli, D., & Moore, A. (n.d.). Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector. 37.</p><p></p><p>Recker, J. (2013). Scientific research in information systems: a beginner's guide, Springer: New York.</p><p></p><p>Recker, J. (2008). Understanding Process Modelling Grammar Continuance, Phd Thesis, Queensland University of Technology Brisbane.</p><p></p><p>Rizvi, S., Cover, K., & Gates, C. (2014). A Trusted Third-party (TTP) based Encryption Scheme for Ensuring Data Confidentiality in Cloud Environment. Procedia Computer Science, 36, 381386. https://doi.org/10.1016/j.procs.2014.09.009</p><p></p><p>Rodwell, J.J., Kienzle, R. and Shadur, M.A. (1998), The relationships among work-related perceptions, employee attitudes, and employee performance: the integral role of communication, Human Resource Management, Vol. 37 Nos 3/4, pp. 277-93.</p><p></p><p>Rogers, R. W. (1975). A Protection Motivation Theory of Fear Appeals and Attitude Change1. The Journal of Psychology, 91(1), 93114. https://doi.org/10.1080/00223980.1975.9915803</p><p></p><p>Rogers, R.W. (1983). Cognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protection Motivation. In Cacioppo, J. & Petty, R. (Eds.) Social Psychophysiology: A Sourcebook.pg. 153 176. New York, New York: Guilford.</p><p></p><p>Rogers,R.W. & Prentice-Dunn, S.(1997). Protection motivation theory, in: D.S. Gochman (Ed.), Handbook of Health Behavior Research, I, Plenum, New York, 1997, pp. 113132.</p><p></p><p>Roy Sarkar, K. (2010). Assessing insider threats to information security using technical, behavioural and organisational measures. Information Security Technical Report, 15(3), 112133. https://doi.org/10.1016/j.istr.2010.11.002</p><p></p><p>Safa, N. S., Maple, C., Furnell, S., Azad, M. A., Perera, C., Dabbagh, M., & Sookhak, M. (2019). Deterrence and prevention-based model to mitigate information security insider threats in organisations. Future Generation Computer Systems, 97, 587597. https://doi.org/10.1016/j.future.2019.03.024</p><p></p><p>Safa, N. S., Maple, C., Watson, T., & Von Solms, R. (2018). Motivation and opportunity based model to reduce information security insider threats in organisations. Journal of Information Security and Applications, 40, 247257. https://doi.org/10.1016/j.jisa.2017.11.001</p><p></p><p>Santos, E., Nguyen, H., Yu, F., Kim, K. J., Li, D., Wilkinson, J. T., Olson, A., Russell, J., & Clark, B. (2012). Intelligence Analyses and the Insider Threat. IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans, 42(2), 331347. https://doi.org/10.1109/TSMCA.2011.2162500</p><p></p><p>Sarkar, A., Kohler, S., Ludascher, B., & Bishop, M. (2017). Insider Attack Identification and Prevention in Collection-Oriented Dataflow-Based Processes. IEEE Systems Journal, 11(2), 522533. https://doi.org/10.1109/JSYST.2015.2477472</p><p></p><p>Schlicher, B. G., MacIntyre, L. P., & Abercrombie, R. K. (2016). Towards Reducing the Data Exfiltration Surface for the Insider Threat. 2016 49th Hawaii International Conference on System Sciences (HICSS), 27492758. https://doi.org/10.1109/HICSS.2016.345</p><p></p><p>Sedera, D., Gable, G., & Chan, T. (2003). "Survey design: Insights from a public sector-ERP success study," in Pacific Asia Conference on Information Systems (PACIS): Adelaide, Australia, p. 41.</p><p></p><p>Sharghi, H., & Sartipi, K. (2016). A User Behavior-Based Approach to Detect the Insider Threat in Distributed Diagnostic Imaging Systems. 2016 IEEE 29th International Symposium on Computer-Based Medical Systems (CBMS), 300305. https://doi.org/10.1109/CBMS.2016.58</p><p></p><p>Sheppard, B. H., Hartwick, J., & Warshaw, P. R. (1988). The Theory of Reasoned Action: A Meta-Analysis of Past Research with Recommendations for Modifications and Future Research. the Journal of Consumer Research.</p><p></p><p>Sibai, F. M., & Menasce, D. A. (2012). Countering Network-Centric Insider Threats through Self-Protective Autonomic Rule Generation. 2012 IEEE Sixth International Conference on Software Security and Reliability, 273282. https://doi.org/10.1109/SERE.2012.40</p><p></p><p>Siponen & Vance. (2010). Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations. MIS Quarterly, 34(3), 487. https://doi.org/10.2307/25750688</p><p></p><p>Sokolowski, J. A., Banks, C. M., & Dover, T. J. (2016). An agent-based approach to modeling insider threat. Computational and Mathematical Organization Theory, 22(3), 273287. https://doi.org/10.1007/s10588-016-9220-6</p><p></p><p>Srivastava, P., Singh, S., Pinto, A. A., Verma, S., Chaurasiya, V. K., & Gupta, R. (2011). An architecture based on proactive model for security in cloud computing. 2011 International Conference on Recent Trends in Information Technology (ICRTIT), 661666. https://doi.org/10.1109/ICRTIT.2011.5972392</p><p></p><p>Stanton, J.M.; Stam, K.R.; Mastrangelo, P.M.; & Jolton, J.A.(2006). Behavioral information security: An overview, results, and research agenda. In P. Zhang and D.F. Galletta (eds.), HumanComputer Interaction and Management Information Systems: Foundations. Armonk, NY: M.E. Sharpe, 2006, pp. 262280.</p><p></p><p>Stemler, S. 1998. Investigating the practical applications of content analysis. http://www2.bc.edu/~stemler/contentanalysis.hmtl</p><p></p><p>Sticha, P. J., & Axelrad, E. T. (2016). Using dynamic models to support inferences of insider threat risk. Computational and Mathematical Organization Theory, 22(3), 350381. https://doi.org/10.1007/s10588-016-9209-1</p><p></p><p>Stolfo, S. J., Salem, M. B., & Keromytis, A. D. (2012). Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud. 2012 IEEE Symposium on Security and Privacy Workshops, 125128. https://doi.org/10.1109/SPW.2012.19</p><p></p><p>Straub, D., Boudreau, M.-C., & Gefen, D. (2004). "Validation guidelines for IS positivist research," Communications of the Association for Information Systems (13:24), pp 380-427.</p><p></p><p>Suresh, N. R., Malhotra, N., Kumar, R., & Thanudas, B. (2012). An integrated data exfiltration monitoring tool for a large organization with highly confidential data source. 2012 4th Computer Science and Electronic Engineering Conference (CEEC), 149153. https://doi.org/10.1109/CEEC.2012.6375395</p><p></p><p>Sutton, S. (1982). Fear-arousing communications: A critical examination of theory and research. In J. Eiser (Ed.), Social psychology and behavioral medicine (pp. 303-337). London, UK: John Wiley & Sons.</p><p></p><p>Tanner, J. F., Hunt, J. B., & Eppright, D. R. (1991). The Protection Motivation Model: A Normative Model of Fear Appeals. Journal of Marketing, 55(3), 3645. https://doi.org/10.1177/002224299105500304</p><p></p><p>Tapiador, J. E., & Clark, J. A. (2011). Masquerade mimicry attack detection: A randomised approach. Computers & Security, 30(5), 297310. https://doi.org/10.1016/j.cose.2011.05.004</p><p></p><p>Theoharidou, M., Kokolakis, S., Karyda, M., & Kiountouzis, E. (2005). The insider threat to information systems and the effectiveness of ISO17799. Computers & Security, 24(6), 472484. https://doi.org/10.1016/j.cose.2005.05.002</p><p></p><p>The Global State of Information Security. PWC, 2014. Available online: http://www.pwc.com/gx/en/consulting-services/information-security-survey/index.jhtml (accessed on 10 June 2020)</p><p></p><p>Thomas, J.P.,Whitman, D.S., & Viswesvaran, C. (2010).Employee proactivity in organizations: A comparative meta analysis of emergent proactive constructs. Journal of Occupational and Organizational Psychology, 83, 2 (2010), 275300.</p><p></p><p>Thompson, H. H., Whittaker, J. A., & Andrews, M. (2004). Intrusion detection. Computer Fraud & Security, 2004(1), 1315. https://doi.org/10.1016/S1361-3723(04)00018-1</p><p></p><p>Thompson, P. (2004). Weak models for insider threat detection (E. M. Carapezza, Ed.; p. 40). https://doi.org/10.1117/12.548178</p><p></p><p>Travers. J.C., Cook. B. C., & Cook.L (2017). Null Hypothesis Significance Testing and p Values. Learning Disabilities Research & Practice, 00(0), 18. The Division for Learning Disabilities of the Council for Exceptional ChildrenDOI: 10.1111/ldrp.12147</p><p></p><p>Ullah, F., Edwards, M., Ramdhany, R., Chitchyan, R., Babar, M. A., & Rashid, A. (2018). Data exfiltration: A review of external attack vectors and countermeasures. Journal of Network and Computer Applications, 101, 1854. https://doi.org/10.1016/j.jnca.2017.10.016</p><p></p><p>Vallerand, R. J., Deshaies P., Cuerrier, J. , Pelletier, L. G., & Mongeau, C. (1992) Ajzen and Fishbein's Theory of Reasoned Action as Applied to Moral Behavior: A Confirmatory Analysis Journal of Personality and Social Psychology, 1992, Vol. 62, No. 1, 98-109</p><p></p><p>Vance, A., Siponen, M., & Pahnila, S. (2009). How personality and habit affect protection motivation. Presented at Association of Information Systems SIGSEC Workshop on Information Security & Privacy (WISP 2009), Phoenix, AZ, USA, 2009, pp. 1-7.</p><p></p><p>Vemasani, P., Brodsky, A., & Ammann, P. (2014). Generating Test Data to Distinguish Conjunctive Queries with Equalities. 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation Workshops, 216221. https://doi.org/10.1109/ICSTW.2014.23</p><p></p><p>Vroom, V. H. Work and motivation. New York: Wiley, 1964.</p><p></p><p>Walker-Roberts, S., Hammoudeh, M., & Dehghantanha, A. (2018). A Systematic Review of the Availability and Efficacy of Countermeasures to Internal Threats in Healthcare Critical Infrastructure. IEEE Access, 6, 2516725177. https://doi.org/10.1109/ACCESS.2018.2817560</p><p></p><p>Wall, D. S. (2013). Enemies within: Redefining the insider threat in organizational security policy. Security Journal, 26(2), 107124. https://doi.org/10.1057/sj.2012.1</p><p></p><p>Wang, P. S., Lai, F., Hsiao, H.-C., & Wu, J.-L. (2016). Insider Collusion Attack on Privacy-Preserving Kernel-Based Data Mining Systems. IEEE Access, 4, 22442255. https://doi.org/10.1109/ACCESS.2016.2561019</p><p></p><p>Wang, Y. L., & Yang, S. C. (2014). A Method of Evaluation for Insider Threat. 2014 International Symposium on Computer, Consumer and Control, 438441. https://doi.org/10.1109/IS3C.2014.121</p><p></p><p>Warkentin, M., & Willison, R. (2009). Behavioral and policy issues in information systems security: The insider threat. European Journal of Information Systems, 18(2), 101105. https://doi.org/10.1057/ejis.2009.12</p><p></p><p>White, J., & Panda, B. (2010). Insider threat discovery using automatic detection of mission critical data based on content. 2010 Sixth International Conference on Information Assurance and Security, 5661. https://doi.org/10.1109/ISIAS.2010.5604187</p><p></p><p>Williams, P. A. H. (2008). In a trusting environment, everyone is responsible for information security. Information Security Technical Report, 13(4), 207215. https://doi.org/10.1016/j.istr.2008.10.009</p><p></p><p>Witte, K. (1992). Putting the fear back into fear appeals: The extended parallel process model. Communication Monographs, 59(4), 329349. https://doi.org/10.1080/03637759209376276</p><p></p><p>Witte, K. (1994). Fear control and danger control: A test of the extended parallel process model (EPPM). Communication Monographs, 61(2), 113134. https://doi.org/10.1080/03637759409376328</p><p></p><p>Witte, K., & Allen, M. (2000). A Meta-Analysis of Fear Appeals: Implications for Effective Public Health Campaigns. Health Education & Behavior, 27(5), 591615. https://doi.org/10.1177/109019810002700506</p><p></p><p>Wong, S.-P., & Whitman, L. (1999). Attaining Agility At The Enterprise Level. 6.</p><p></p><p>Woon, I.M.Y. Tan, G.W. & Low, R.T. (2005). A protection motivation theory approach to home wireless security, Proceedings of the Twenty-Sixth International Conference on Information Systems, Las Vegas, NV, 2005.</p><p></p><p>Wu, J., Zhou, J., Ma, J., Mei, S., & Ren, J. (2011). An Active Data Leakage Prevention Model for Insider Threat. 2011 2nd International Symposium on IntelligenceInformation Processing and Trusted Computing, 3942. https://doi.org/10.1109/IPTC.2011.17</p><p></p><p>Xiangyu, L., Qiuyang, L., & Chandel, S. (2017). Social Engineering and Insider Threats. 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2534. https://doi.org/10.1109/CyberC.2017.91</p><p></p><p>Yaseen, Q., & Panda, B. (2009). Knowledge Acquisition and Insider Threat Prediction in Relational Database Systems. 2009 International Conference on Computational Science and Engineering, 450455. https://doi.org/10.1109/CSE.2009.159</p><p></p><p>Yaseen, Q., & Panda, B. (2010a). Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention. 2010 IEEE Second International Conference on Social Computing, 849856. https://doi.org/10.1109/SocialCom.2010.128</p><p></p><p>Yaseen, Q., & Panda, B. (2010b). Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention. 2010 IEEE Second International Conference on Social Computing, 849856. https://doi.org/10.1109/SocialCom.2010.128</p><p></p><p>Yaseen, Q., & Panda, B. (2012a). Mitigating Insider Threat without Limiting the Availability in Concurrent Undeclared Tasks. 2012 IEEE Sixth International Conference on Software Security and Reliability, 235244. https://doi.org/10.1109/SERE.2012.36</p><p></p><p>Yaseen, Q., & Panda, B. (2012b). Tackling Insider Threat in Cloud Relational Databases. 2012 IEEE Fifth International Conference on Utility and Cloud Computing, 215218. https://doi.org/10.1109/UCC.2012.18</p><p></p><p>Yeboah-Ofori, A., & Islam, S. (2019). Cyber Security Threat Modeling for Supply Chain Organizational Environments. Future Internet, 11(3), 63. https://doi.org/10.3390/fi11030063</p><p></p><p>Yousef, D.A. (2000), Organizational commitment: a mediator of the relationship leadership behavior with job satisfaction and performance in a non-western country, Journal of Managerial Psychology, Vol. 15 No. 1, pp. 6-24.</p><p></p><p>Yusop, Z. M., & Abawajy, J. H. (2014). Analysis of Insiders Attack Mitigation Strategies. Procedia - Social and Behavioral Sciences, 129, 611618. https://doi.org/10.1016/j.sbspro.2014.06.002</p><p></p><p>Zafar, F., Khan, A., Suhail, S., Ahmed, I., Hameed, K., Khan, H. M., Jabeen, F., & Anjum, A. (2017). Trustworthy data: A survey, taxonomy and future trends of secure provenance schemes. Journal of Network and Computer Applications, 94, 5068. https://doi.org/10.1016/j.jnca.2017.06.003</p><p></p><p></p><p></p>
spellingShingle HD Industries. Land use. Labor
Rahimah Mohamad Zuwita@Abu Bakar
The development of insider threat prevention framework within organization
thesis_level PhD
title The development of insider threat prevention framework within organization
title_full The development of insider threat prevention framework within organization
title_fullStr The development of insider threat prevention framework within organization
title_full_unstemmed The development of insider threat prevention framework within organization
title_short The development of insider threat prevention framework within organization
title_sort development of insider threat prevention framework within organization
topic HD Industries. Land use. Labor
url https://ir.upsi.edu.my/detailsg.php?det=12112
work_keys_str_mv AT rahimahmohamadzuwitaabubakar thedevelopmentofinsiderthreatpreventionframeworkwithinorganization
AT rahimahmohamadzuwitaabubakar developmentofinsiderthreatpreventionframeworkwithinorganization

Similar Items