Welcome to the InfoSci Platform
Reference Hub1
Engineering Security Agreements Against External Insider Threat

Engineering Security Agreements Against External Insider Threat

Virginia N. L. Franqueira, André van Cleeff, Pascal van Eck, Roel J. Wieringa
Copyright: © 2013 |Volume: 26 |Issue: 4 |Pages: 26
ISSN: 1040-1628|EISSN: 1533-7979|EISBN13: 9781466634718|DOI: 10.4018/irmj.2013100104
Cite Article Cite Article

MLA

Franqueira, Virginia N. L., et al. "Engineering Security Agreements Against External Insider Threat." IRMJ vol.26, no.4 2013: pp.66-91. http://doi.org/10.4018/irmj.2013100104

APA

Franqueira, V. N., van Cleeff, A., van Eck, P., & Wieringa, R. J. (2013). Engineering Security Agreements Against External Insider Threat. Information Resources Management Journal (IRMJ), 26(4), 66-91. http://doi.org/10.4018/irmj.2013100104

Chicago

Franqueira, Virginia N. L., et al. "Engineering Security Agreements Against External Insider Threat," Information Resources Management Journal (IRMJ) 26, no.4: 66-91. http://doi.org/10.4018/irmj.2013100104

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Companies are increasingly engaging in complex inter-organisational networks of business and trading partners, service and managed security providers to run their operations. Therefore, it is now common to outsource critical business processes and to completely move IT resources to the custody of third parties. Such extended enterprises create individuals who are neither completely insiders nor outsiders of a company, requiring new solutions to mitigate the security threat they cause. This paper improves the method introduced in Franqueira et al. (2012) for the analysis of such threat to support negotiation of security agreements in B2B contracts. The method, illustrated via a manufacturer-retailer example, has three main ingredients: modelling to scope the analysis and to identify external insider roles, access matrix to obtain need-to-know requirements, and reverse-engineering of security best practices to analyse both pose-threat and enforce-security perspectives of external insider roles. The paper also proposes future research directions to overcome challenges identified.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.