VISTA: an inclusive insider threat taxonomy, with mitigation strategies

Karen Renaud; Merrill Warkentin; Ganna Pogrebna; Karl van der Schyff

doi:10.1016/j.im.2023.103877

VISTA: an inclusive insider threat taxonomy, with mitigation strategies

Karen Renaud^*, Merrill Warkentin, Ganna Pogrebna, Karl van der Schyff

^*Corresponding author for this work

Department of Cybersecurity and Computing

Research output: Contribution to journal › Article › peer-review

21 Citations (Scopus)

185 Downloads (Pure)

Abstract

Insiders have the potential to do a great deal of damage, given their legitimate access to organisational assets and the trust they enjoy. Organisations can only mitigate insider threats if they understand what the different kinds of insider threats are, and what tailored measures can be used to mitigate the threat posed by each of them. Here, we derive VISTA (inclusiVe InSider Threat tAxonomy) based on an extensive literature review and a survey with C-suite executives to ensure that the VISTA taxonomy is not only scientifically grounded, but also meets the needs of organisations and their executives. To this end, we map each VISTA category of insider threat to tailored mitigations that can be deployed to reduce the threat.

Original language	English
Article number	103877
Number of pages	22
Journal	Information and Management
Volume	61
Issue number	1
Early online date	21 Oct 2023
DOIs	https://doi.org/10.1016/j.im.2023.103877
Publication status	Published - 1 Jan 2024

Keywords

Insider threats
Taxonomy
Mitigations
Cybersecurity

Access to Document

10.1016/j.im.2023.103877Licence: CC BY-NC-ND

VanDerSchyff_VISTA_Published_2023Final published version, 5.68 MBLicence: CC BY-NC-ND

Cite this

@article{210713f16a8841bebe0a21324d40ebaf,

title = "VISTA: an inclusive insider threat taxonomy, with mitigation strategies",

abstract = "Insiders have the potential to do a great deal of damage, given their legitimate access to organisational assets and the trust they enjoy. Organisations can only mitigate insider threats if they understand what the different kinds of insider threats are, and what tailored measures can be used to mitigate the threat posed by each of them. Here, we derive VISTA (inclusiVe InSider Threat tAxonomy) based on an extensive literature review and a survey with C-suite executives to ensure that the VISTA taxonomy is not only scientifically grounded, but also meets the needs of organisations and their executives. To this end, we map each VISTA category of insider threat to tailored mitigations that can be deployed to reduce the threat.",

author = "Karen Renaud and Merrill Warkentin and Ganna Pogrebna and \{van der Schyff\}, Karl",

note = "{\textcopyright} 2023 The Author(s). Published by Elsevier B.V. This article is available under the Creative Commons CC-BY-NC-ND license and permits non-commercial use of the work as published, without adaptation or alteration provided the work is fully attributed. Data availability statement: Not present.",

year = "2024",

month = jan,

day = "1",

doi = "10.1016/j.im.2023.103877",

language = "English",

volume = "61",

journal = "Information and Management",

issn = "0378-7206",

publisher = "Elsevier B.V.",

number = "1",

}

TY - JOUR

T1 - VISTA

T2 - an inclusive insider threat taxonomy, with mitigation strategies

AU - Renaud, Karen

AU - Warkentin, Merrill

AU - Pogrebna, Ganna

AU - van der Schyff, Karl

N1 - © 2023 The Author(s). Published by Elsevier B.V. This article is available under the Creative Commons CC-BY-NC-ND license and permits non-commercial use of the work as published, without adaptation or alteration provided the work is fully attributed. Data availability statement: Not present.

PY - 2024/1/1

Y1 - 2024/1/1

N2 - Insiders have the potential to do a great deal of damage, given their legitimate access to organisational assets and the trust they enjoy. Organisations can only mitigate insider threats if they understand what the different kinds of insider threats are, and what tailored measures can be used to mitigate the threat posed by each of them. Here, we derive VISTA (inclusiVe InSider Threat tAxonomy) based on an extensive literature review and a survey with C-suite executives to ensure that the VISTA taxonomy is not only scientifically grounded, but also meets the needs of organisations and their executives. To this end, we map each VISTA category of insider threat to tailored mitigations that can be deployed to reduce the threat.

AB - Insiders have the potential to do a great deal of damage, given their legitimate access to organisational assets and the trust they enjoy. Organisations can only mitigate insider threats if they understand what the different kinds of insider threats are, and what tailored measures can be used to mitigate the threat posed by each of them. Here, we derive VISTA (inclusiVe InSider Threat tAxonomy) based on an extensive literature review and a survey with C-suite executives to ensure that the VISTA taxonomy is not only scientifically grounded, but also meets the needs of organisations and their executives. To this end, we map each VISTA category of insider threat to tailored mitigations that can be deployed to reduce the threat.

U2 - 10.1016/j.im.2023.103877

DO - 10.1016/j.im.2023.103877

M3 - Article

SN - 0378-7206

VL - 61

JO - Information and Management

JF - Information and Management

IS - 1

M1 - 103877

ER -

VISTA: an inclusive insider threat taxonomy, with mitigation strategies

Abstract

Keywords

Access to Document

Fingerprint

Cite this