Guest Editorial: Frontiers in Insider Threats and Data Leakage Prevention
Organizations continue to be plagued by information leaks caused by insiders with legitimate access to critical or proprietary information. Such unauthorized leaks may result in significant damage to competitiveness, reputation and finances, and organizations should consider proactive approaches to preventing, detecting, and responding to this threat. In this special issue, we have selected eight papers describing recent work on insider threat and data leakage prevention. These include four papers [1][2][3][4] derived from the third International Workshop on Managing Insider Security Threats (MIST 2011)1 in conjunction with the third IEEE International Conference on Intelligent Networking and Collaborative Systems (IEEE INCoS 2011). In the first paper, titled “From Insider Threats to Business Processes that are Secure-by-Design” [1], the author suggests that insider threat is a placeholder term indicating the transition from securing IT infrastructures to securing the socio-technical systems. While observing that the concept of an insider is not helpful in today’s dynamic heterogeneous organizations, he adopts “business processes that are secure-by-design (sustainable business processes)” as a new paradigm where those processes remain viable even when attacks are launched with insider knowledge. Finally, the author presents two research challenges for the sustainable business processes, modelling socio-technical systems and exploring the foundations of judgement-based risk analysis methods.