{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T07:10:24Z","timestamp":1775459424952,"version":"3.50.1"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319203751","type":"print"},{"value":"9783319203768","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-20376-8_58","type":"book-chapter","created":{"date-parts":[[2015,7,20]],"date-time":"2015-07-20T06:00:17Z","timestamp":1437372017000},"page":"654-663","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Insider Threats: The Major Challenge to Security Risk Management"],"prefix":"10.1007","author":[{"given":"Teresa","family":"Pereira","sequence":"first","affiliation":[]},{"given":"Henrique","family":"Santos","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,7,21]]},"reference":[{"key":"58_CR1","volume-title":"Management of Information Security","author":"M Whitman","year":"2013","unstructured":"Whitman, M., Mattord, H.: Management of Information Security, 4th edn. Cengage Learning, Boston (2013)","edition":"4"},{"issue":"6","key":"58_CR2","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1016\/S0167-4048(02)01009-X","volume":"21","author":"EE Schultz","year":"2002","unstructured":"Schultz, E.E.: A framework for understanding and predicting insider attacks. Comput. Secur. 21(6), 526\u2013531 (2002)","journal-title":"Comput. Secur."},{"issue":"2","key":"58_CR3","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1002\/inst.201114230","volume":"14","author":"F Cohen","year":"2011","unstructured":"Cohen, F.: How do we measure security? INCOSE Insight 14(2), 30\u201332 (2011)","journal-title":"INCOSE Insight"},{"key":"58_CR4","unstructured":"ISO\/IEC_JTC1: ISO\/IEC FDIS 27000 information technology - security techniques - information security management systems - overview and vocabulary. ISO Copyright Office, Geneva, Switzerland (2009)"},{"key":"58_CR5","unstructured":"Wood, B.: An insider threat model for adversary simulation. In: Anderson, R.H. (ed.) Research on Mitigating the Insider Threat to Information Systems. RAND (2000)"},{"key":"58_CR6","volume-title":"Managing Information Security Risks: the OCTAVE (SM) Approach","author":"C Alberts","year":"2002","unstructured":"Alberts, C., Dorofee, A.: Managing Information Security Risks: the OCTAVE (SM) Approach, 1st edn. Addison Wesley, Boston (2002)","edition":"1"},{"key":"58_CR7","unstructured":"ISACA (2011) COBIT 4.1: Framework for IT governance and control [on-line]. ISACA. \n                      http:\/\/www.isaca.org\/Knowledge-Center\/cobit\/Pages\/Overview.aspx"},{"key":"58_CR8","unstructured":"ITIL 2000. Official ITIL\u00ae Website [on-line]. itSMF International. The IT Service Management Forum. \n                      http:\/\/www.itsmfi.org\/content\/official-itil\u00ae-website"},{"key":"58_CR9","unstructured":"Stolen, K., den Braber, F., Dirmitrakos, T.: Model-based risk assessment \u2013the CORAS approach (2002). \n                      http:\/\/www.nik.no\/2002\/stolen.pdf"},{"issue":"2","key":"58_CR10","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1016\/j.cose.2004.07.004","volume":"24","author":"B Karabacaka","year":"2005","unstructured":"Karabacaka, B., Songukpinar, I.: ISRAM: information security risk analysis method. Comput. Secur. 24(2), 147\u2013169 (2005)","journal-title":"Comput. Secur."},{"key":"58_CR11","unstructured":"Yazar, Z.A.: Qualitative risk analysis and management tool \u2013 CRAMM. SANS Institute InfoSec Reading Room (2011)"},{"key":"58_CR12","unstructured":"ENISA. Inventory of risk management\/risk assessment methods [on-line]. European Network and Information Security Agency (2011). \n                      http:\/\/rm-inv.enisa.europa.eu\/rm_ra_methods.html"},{"key":"58_CR13","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/978-3-7908-2632-6_51","volume-title":"Information Technology and Innovation treads in Organization","author":"M Sadok","year":"2011","unstructured":"Sadok, M., Spagnoletti, P.: A business aware information security risk and analysis method. In: D\u2019Atri, A., Ferrara, M., George, J.F., Spagnoletti, P. (eds.) Information Technology and Innovation treads in Organization, pp. 453\u2013460. Springer, Heidelberg (2011)"},{"key":"58_CR14","doi-asserted-by":"publisher","unstructured":"Asosheh, A., Dehmoubed, B., Khani, A.: A new quantitative approach for information security risk assessment. In: IEEE International Conference on Intelligence and Security Informatics 2009 (ISI 2009), pp. 229\u2013239, 8\u201311 June 2009. \n                      http:\/\/ieeexplore.ieee.org\/stamp\/stamp.jsp?tp=&arnumber=5137311&isnumber=5137253\n                      \n                    . doi: \n                      10.1109\/ISI.2009.5137311","DOI":"10.1109\/ISI.2009.5137311"},{"issue":"4","key":"58_CR15","doi-asserted-by":"crossref","first-page":"1189","DOI":"10.25300\/MISQ\/2013\/37.4.09","volume":"37","author":"C Posey","year":"2013","unstructured":"Posey, C., Roberts, T.L., Lowry, P.B., Bennett, R.J., Courtney, J.: Insiders\u2019 protection of organizational information assets: development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Q 37(4), 1189\u20131210 (2013)","journal-title":"MIS Q"},{"issue":"5","key":"58_CR16","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1016\/j.im.2014.03.009","volume":"51","author":"C Posey","year":"2014","unstructured":"Posey, C., Roberts, T.L., Lowry, P.B., Hightower, R.T.: Bridging the divide: a qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders. Inf. Manag. 51(5), 551\u2013567 (2014). doi:\n                      10.1016\/j.im.2014.03.009\n                      \n                    . \n                      http:\/\/dx.doi.org\/","journal-title":"Inf. Manag."},{"key":"58_CR17","doi-asserted-by":"crossref","unstructured":"Thompson, P.: Weak models for insider threat detection. In: Carapezza, E.M. (ed.) Sensors & Command, Control, Communications & Intelligence (C3I) Technologies for Homeland Security & Homeland Defense III, vol. 5403, pp. 40\u201348 (2004)","DOI":"10.1117\/12.548178"},{"issue":"6","key":"58_CR18","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MSP.2009.110","volume":"7","author":"D Caputo","year":"2009","unstructured":"Caputo, D., Marcus, A., Maloof, M., Stephens, G.: Detecting insider theft of trade secrets. IEEE Secur. Priv. 7(6), 14\u201321 (2009)","journal-title":"IEEE Secur. Priv."},{"issue":"6","key":"58_CR19","doi-asserted-by":"publisher","first-page":"472","DOI":"10.1016\/j.cose.2005.05.002","volume":"24","author":"M Theoharidou","year":"2005","unstructured":"Theoharidou, M., Kokolakis, S., Karyda, M., Kiountouzis, E.: The insider threat to information systems and the effectiveness of ISO17799. Comput. Secur. 24(6), 472\u2013484 (2005)","journal-title":"Comput. Secur."},{"key":"58_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1007\/978-3-642-15152-1_3","volume-title":"Trust, Privacy and Security in Digital Business","author":"M Kandias","year":"2010","unstructured":"Kandias, M., Mylonas, A., Virvilis, N., Theoharidou, M., Gritzalis, D.: An insider threat prediction model. In: Katsikas, S., Lopez, J., Soriano, M. (eds.) TrustBus 2010. LNCS, vol. 6264, pp. 26\u201337. Springer, Heidelberg (2010)"},{"key":"58_CR21","volume-title":"Common Sense Guide to Prevention and Detection of Insider Threat","author":"DM Cappelli","year":"2009","unstructured":"Cappelli, D.M., Moore, A.P., Trzeciak, R.F., Shimeall, T.J.: Common Sense Guide to Prevention and Detection of Insider Threat, 3rd edn. Carnegie Mellon University, Pittsburgh (2009)","edition":"3"},{"issue":"6","key":"58_CR22","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1109\/MSP.2009.111","volume":"7","author":"F Duran","year":"2009","unstructured":"Duran, F., Conrad, S., Conrad, G., Duggan, D., Held, E.: Building a system for insider security. IEEE Secur. Priv. 7(6), 30\u201338 (2009)","journal-title":"IEEE Secur. Priv."},{"key":"58_CR23","doi-asserted-by":"crossref","unstructured":"Beres, Y., Mont, M.C., Griffin, J., Shiu, S.: Using security metrics coupled with predictive modeling and simulation to assess security processes. In: 3rd International Symposium on Empirical Software Engineering and Measurement, pp. 564\u2013573 (2009)","DOI":"10.1109\/ESEM.2009.5314213"},{"issue":"3","key":"58_CR24","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1504\/IJESDF.2009.027524","volume":"2","author":"C Onwubiko","year":"2009","unstructured":"Onwubiko, C., Lenaghan, A.P.: Challenges and complexities of managing information security. Int. J. Electro. Secur. Digit. Forensics 2(3), 306\u2013321 (2009)","journal-title":"Int. J. Electro. Secur. Digit. Forensics"},{"key":"58_CR25","volume-title":"Security in Computing","author":"C Pfleeger","year":"2007","unstructured":"Pfleeger, C., Shari, L.: Security in Computing, 4th edn. Prentice Hall PTR, Upper Saddle River (2007)","edition":"4"},{"key":"58_CR26","unstructured":"Pereira, T.; Conceptual framework to support information security risk management. Ph.D thesis, University of Minho (2012)"},{"issue":"1","key":"58_CR27","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1016\/j.cose.2004.06.011","volume":"24","author":"S Hansman","year":"2005","unstructured":"Hansman, S., Hunt, R.: A taxonomy of network and computer attacks. Comput. Secur. 24(1), 31\u201343 (2005)","journal-title":"Comput. Secur."},{"key":"58_CR28","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1016\/j.cose.2012.09.010","volume":"32","author":"R Crossler","year":"2013","unstructured":"Crossler, R., Johnston, A., Lowry, P., Hud, Q., Warkentin, M., Baskerville, R.: Future directions for behavioral information security research. Comput. Secur. 32, 90\u2013101 (2013)","journal-title":"Comput. Secur."},{"issue":"2","key":"58_CR29","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1145\/2076450.2076466","volume":"55","author":"A Oliner","year":"2012","unstructured":"Oliner, A., Ganapathi, A., Xu, W.: Advances and challenges in log analysis. Commun. ACM 55(2), 55\u201361 (2012)","journal-title":"Commun. ACM"}],"container-title":["Lecture Notes in Computer Science","Human Aspects of Information Security, Privacy, and Trust"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-20376-8_58","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,3,6]],"date-time":"2020-03-06T15:21:23Z","timestamp":1583508083000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-20376-8_58"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319203751","9783319203768"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-20376-8_58","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"21 July 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}