Start Date

11-8-2016

Description

An online-persona is a social identity internet users establish through participation in social networking sites, websites, and online communities. An individual’s online-persona creates a vulnerability for the organizations that employ them, since these online-personas are not under a firm’s control. The IS literature has established that employees are the greatest security risk to an organization; research has addressed employee risk by investigating the need for information security policies addressing compliance, unethical use of a firm’s IT resources, and risk associated with infection (i.e., malware, viruses, etc.). However, to date, the literature has not examined risks introduced by the creation of employee online-personas. The goal of our research is to develop and test a model of target-selection factors used by cyber-criminals when choosing a target for attack from the available population of online-personas, thus, enabling firms to implement policies that reduce risk of cyberattacks against themselves and their employees.

Share

COinS
 
Aug 11th, 12:00 AM

Security Risks Related to Employee “Extra-Role” Creation of an “Online-persona”

An online-persona is a social identity internet users establish through participation in social networking sites, websites, and online communities. An individual’s online-persona creates a vulnerability for the organizations that employ them, since these online-personas are not under a firm’s control. The IS literature has established that employees are the greatest security risk to an organization; research has addressed employee risk by investigating the need for information security policies addressing compliance, unethical use of a firm’s IT resources, and risk associated with infection (i.e., malware, viruses, etc.). However, to date, the literature has not examined risks introduced by the creation of employee online-personas. The goal of our research is to develop and test a model of target-selection factors used by cyber-criminals when choosing a target for attack from the available population of online-personas, thus, enabling firms to implement policies that reduce risk of cyberattacks against themselves and their employees.