There is little doubt that information systems security is a major concern for companies that are dependent on information technology. Among the risks to information system security, insider attacks seem to have the greatest potential for creating a significant system failure. Despite the likelihood of insider attacks and the potential magnitude of their impact, companies are still not doing enough to protect themselves against this kind of threat. By presenting and analyzing a model of an insider attack on an information system, this paper provides insights into the dynamics of the problem and suggests policies to minimize the risk of security failures or at least to reduce the extent of damages should an insider attack occur.
展开▼