Impact of Excessive Access Permissions and Insider Threat Opportunity in the Financial Industry-Reference-Cited by-同舟云学术

Impact of Excessive Access Permissions and Insider Threat Opportunity in the Financial Industry

Published:2018-07 Issue:3 Volume:9 Page:32-58
ISSN:1947-3095
Container-title:International Journal of Strategic Information Technology and Applications
language:en
Short-container-title:

Author:

Quispe Azucena¹

Affiliation:

1. Independent Research, Largo, USA

Abstract

The purpose of this qualitative, exploratory research study was to gain insights into the correlations between: (a) security threats related to the dangers of excessive access permissions in information systems (IS); and (b) the potential risk exposure to insider threat in the financial sector. The study examined the vulnerability risk to insider threats from the view of the possible connection to excessive access permissions which represent a gap in the literature. The central research question of the study was: What are the determinants that influence the applicability of internal security controls such as segregation of duties (SoD), the least privilege principle, the need-to-know concept and the relationship between access permissions and insider threat in IS? A sample of 15 financial sector professionals that included business users, IT personnel, and certified fraud examiners were interviewed to answer the central research question.

Publisher

IGI Global

Subject

General Materials Science

Reference66 articles.

1. Fraud risk factors of fraud triangle and the likelihood of fraud occurrence: Evidence from Malaysia.;S. F.Aghghaleh;Information Management and Business Review,2014

2. Ansanelli, J. (2005, February 21). Are employees the biggest threat to network security? Network World, 22(7), 56. Retrieved from http://www.networkworld.com/article/2318535/lan-wan/employees-the-biggest-threat-to-network-security.html

3. Model checking authorization requirements in business processes

4. Association of Certified Fraud Examiners. (2014). Fraud examiners manual (US ed.). Association of Certified Fraud Examiners. Retrieved from https://www.acfe.com/uploadedFiles/Shared_Content/Products/Books_and_Manuals/MainTOC_2014_Final.pdf

5. Association of Certified Fraud Examiners (ACFE). (2016). Report to the nations on occupational fraud and abuse. Retrieved from http://www.acfe.com/rttn2016/docs/2016-report-to-the-nations.pdf