Graduation Year

2021

Document Type

Dissertation

Degree

D.B.A.

Degree Granting Department

Business

Major Professor

Priya Dozier, D.B.A.

Co-Major Professor

Eric Eisenberg, Ph.D.

Committee Member

Joann Quinn, Ph.D.

Committee Member

Paul Spector, Ph.D.

Keywords

cybersecurity, non-malicious and malicious behavior, unwitting and witting behavior

Abstract

As implementation of computer systems has continued to grow in business contexts, employee-driven cyberspace infractions have also grown in number. Employee cyberspace behaviors have continued to have detrimental effects on company computer systems. Actions that violate company cybersecurity policies can be either malicious or non-malicious. Solutions, by and large, have been electronic and centered on hardware and software. Those proposing solutions have begun to shift their focus to human risk vulnerabilities.

This study was novel in that its focus was identification of individual, cultural, and technological risk factors that drive cyberspace insider threat activities. Identifying factors that reduce insider threat activities was the secondary focus. A grounded theory research framework guided the study. A review of existing literature identified through academic databases and industry repositories was conducted. Fifteen cybersecurity practitioners expert in the subject matter were interviewed independently and virtually for 30–45 minutes each to capture their experiences dealing with insider threat activities. A typical interviewee possessed a graduate degree, had 18 years of experience, possessed a gold-level industry certification, and resided in the region of Tampa Bay, Florida.

Data were coded, categorized, subcategorized, and themed, and factors were identified. Eight total themes emerged covering drivers and solutions. Five factors in the drivers category (from individual, cultural, and technological subcategories) were identified: awareness, caring, devotion, selfishness, and access. Four factors in the solutions category (from culture, education and training, technological, and communication subcategories) were identified: felicitous, advantageous, alignment, and transparency. One factor, leadership, was identified as belonging to both the drivers and solutions categories. The findings make connections among employee insider threat activities that are driven by unwitting, witting, non-malicious, and malicious behaviors.
