DETECTING INSIDER THREATS FROM BEHAVIOURAL AND ORGANIZATIONAL APPROACHES
The marriage of computers and telecommunication as their integration into a global multimedia system and their widespread, low-cost availability is the cornerstone for heralding various, rapid, and significant changes in production, management, societal interaction, and government. With alteration i...
Saved in:
| Main Author: | |
|---|---|
| Format: | Final Project |
| Language: | Indonesia |
| Online Access: | https://digilib.itb.ac.id/gdl/view/68165 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Institut Teknologi Bandung |
| Language: | Indonesia |
| Summary: | The marriage of computers and telecommunication as their integration into a global multimedia system and their widespread, low-cost availability is the cornerstone for heralding various, rapid, and significant changes in production, management, societal interaction, and government. With alteration in many activities to digital procedures comes vulnerability. Cyber-attack risk keeps increasing for individuals and businesses. One of the attacks that could occur inside companies or organizations is an "Insider Threat". A threat that comes within the organization. Which sometimes might cause more damage than external threats. There are two types of insider threats, malicious (E.g. System hacking and Data Bridging), examples, and non-malicious, like human error or accident. Due to the complexity of human factors, this issue is mainly dealt with and discussed in previous studies through a technical approach. This research aims to find the correlation between the possibility of insider attacks with behaviour and organizational factors. The awareness of the importance of this topic seems to have not spread evenly due to different limits in each country and how policy or law works in that country. The organization have reported cases related to insider attack. Some might be reluctant to do so since this issue could affect the company's reputation and credibility and shows vulnerability inside the company. News and article about cyber-attack in Indonesia keep increasing, yet the development of action to tackle the matter did not grow as fast as the issue.
To evaluate the difference in practice between different business sectors in Indonesia. The data were collected through semi-structured interviews with people from diverse work backgrounds. The data analysis was done using tables to help the coding and correlating variable process. This research is supposed to determine the most impactful factor based on people's views. Using SOFIT Ontology as the main framework for organizational and individual characteristics will cause this research to be too broad. The framework was constructed for advanced and detailed research that would be too complicated to elaborate on each factor in a limited time. Therefore, only a few factors are going to be discussed. The factors help set limits and boundaries in the analysis and forming of the interview questions. The interview was then transcribed and analyzed manually by the author. The transcribed interview first went through an open coding process. This process includes categorizing and labelling the input, which helps with the analysis process. After the code and category to discuss were set, the result was compared with the other participant to find familiarity and gaps between opinions.
Gaps were found between participants' opinions; this creates broader and richer output. Other than gaps between participants' views, possible gaps were also found between theories and what happened in the practice of the company or organization. This research outcome intends to give information to future research and serve as a reference to businesses and organizations about current development and gaps in a business environment. Implementing a system aware of cyber security may be a significant problem a corporation faces. According to the interview, most businesses prioritize their projects, especially those not directly involved in cyber security. This may result in carelessness in the development of a preventative mechanism. On the contrary, some corporate or organizations that did prioritize this matter might have taken more precautionary steps on this issue, resulting in pressure on the employee. |
|---|