Impact of Excessive Access Permissions and Insider Threat Opportunity in the Financial Industry: A Qualitative Study

Azucena Quispe (Independent Research, Largo, USA)
DOI: 10.4018/IJSITA.2018070103

Abstract

The purpose of this qualitative, exploratory research study was to gain insights into the correlations between (a) security threats related to the dangers of excessive access permissions in information systems (IS) and (b) the potential risk exposure to insider threat in the financial sector. The study examined the vulnerability risk to insider threats from the view of the possible connection to excessive access permissions, which represent a gap in the literature. The central research question of the study was: What are the determinants that influence the applicability of internal security controls such as segregation of duties (SoD), the least privilege principle, the need-to-know concept, and the relationship between access permissions and insider threat in IS? A sample of 15 financial sector professionals, including business users, IT personnel, and certified fraud examiners, was interviewed to answer the central research question.

Background

Controlling users' access to the appropriate resources for legitimate reasons is critical for any IS; it is even more important when the system is identified as a SOX application or contains private information. The lack of an appropriate access control framework in IS results in exposure to unauthorized access and compromises the reliability of data integrity (Bindahman & Zakaria, 2013). One of the fundamental security methods used to protect data in multi-user sharing systems is access control, by which users are allowed access to resources based on their identity and associated privileges (Bindahman & Zakaria, 2013).
