LEAKING CONFIDENTIAL INFORMATION BY NON-MALICIOUS USER BEHAVIOR IN ENTERPRISE SYSTEMS – DESIGN OF AN EMPIRICAL STUDY
Information assets of enterprises are vulnerable to theft and require protection to avoid information leakage to unauthorized parties. Current technical countermeasures to protect confidential information fall too short, as information leaks can emerge from non-malicious behavior of users while they execute a business process in an Enterprise System. Our study is in progress and investigates characteristics of security incidents in which users are authorized to access information in a secure domain, but cause information flow into an unsecure domain without any malicious objectives. We use a qualitative research method to explore the enterprise context, technological infrastructure, activities and user behaviors that lead to leakage of confidential information. We will collect empirical data in three sequential phases with expert interviews. In the first phase informants will be data security consultants, in the second phase company’s data security officers will be interviewed and finally narratives are collected from end users of Enterprise Systems. We employ grounded theory as an approach to analyze data and to formulate the theoretical framework. The findings are expected to provide insights into the sources of confidential information leakage caused by non-malicious user behavior in Enterprise Systems.
Hadasch, Frank; Mueller, Benjamin; and Maedche, Alexander, "LEAKING CONFIDENTIAL INFORMATION BY NON-MALICIOUS USER BEHAVIOR IN ENTERPRISE SYSTEMS – DESIGN OF AN EMPIRICAL STUDY" (2011). MCIS 2011 Proceedings. 126.