%0 Conference Paper %1 hadasch2011leaking %A Hadasch, Frank %A Mueller, Benjamin %A Maedche, Alexander %B Proceedings of the 6th Mediterranean Conference on Information Systems (MCIS 2011), Cyprus %D 2011 %K bmueller confidential empirical eris fhadasch http://mesharpe.metapress.com/link.asp?id=t233vw4157g0t513 maedche security xes %T Leaking Confidential Information by Non-Malicious User Behavior in Enterprise Systems - Design of an Empirical Study %X Information assets of enterprises are vulnerable to theft and need to be protected to avoid information leakage to unauthorized parties. Technical countermeasures to protect confidential information fall to short, as information leaks can emerge from non-malicious behavior of users while they execute a business process in an Enterprise System. Our study investigates characteristics of security incidents in which users are authorized to access information in a secure domain, but cause information flow into an unsecure domain without any malicious objectives. We use a qualitative research method to explore the context, activities, and behaviors that lead to leakage of confidential information. We will collect empirical data in three sequential phases with interviews. In the first phase informants will be security consultants for Enterprise Systems, in the second phase company’ s security managers will be interviewed and finally narratives are collected from end users. We employ the grounded theory approach to analyze the data and formulate the theoretical framework. The findings are expected to provide insights into the sources of confidential information leakage caused by non-malicious user behavior in Enterprise Systems.

@inproceedings{hadasch2011leaking, abstract = {Information assets of enterprises are vulnerable to theft and need to be protected to avoid information leakage to unauthorized parties. Technical countermeasures to protect confidential information fall to short, as information leaks can emerge from non-malicious behavior of users while they execute a business process in an Enterprise System. Our study investigates characteristics of security incidents in which users are authorized to access information in a secure domain, but cause information flow into an unsecure domain without any malicious objectives. We use a qualitative research method to explore the context, activities, and behaviors that lead to leakage of confidential information. We will collect empirical data in three sequential phases with interviews. In the first phase informants will be security consultants for Enterprise Systems, in the second phase company’ s security managers will be interviewed and finally narratives are collected from end users. We employ the grounded theory approach to analyze the data and formulate the theoretical framework. The findings are expected to provide insights into the sources of confidential information leakage caused by non-malicious user behavior in Enterprise Systems.}, added-at = {2011-06-30T09:10:22.000+0200}, author = {Hadasch, Frank and Mueller, Benjamin and Maedche, Alexander}, biburl = {https://www.bibsonomy.org/bibtex/2e0b02e8e6f3c80ed5d1fa207d3608fa8/erispublications}, booktitle = {Proceedings of the 6th Mediterranean Conference on Information Systems (MCIS 2011), Cyprus}, interhash = {217dd6b26fdae546291a1e985aaed7b2}, intrahash = {e0b02e8e6f3c80ed5d1fa207d3608fa8}, keywords = {bmueller confidential empirical eris fhadasch http://mesharpe.metapress.com/link.asp?id=t233vw4157g0t513 maedche security xes}, timestamp = {2012-04-02T08:59:07.000+0200}, title = {Leaking Confidential Information by Non-Malicious User Behavior in Enterprise Systems - Design of an Empirical Study}, year = 2011 }