Internal Security Threats
Marcus K. Rogers, Purdue University
The threat of attacks on the information systems of businesses and institutions has become such a persistent issue that we have almost come to accept it as part of doing business in the new digital age (Carnegie-Mellon, 2004; Conte, 2003). Granted, risk has always been inherent in any business enterprise. What is unusual is the defeatist attitude that has emerged that assumes we cannot do anything about information security threats or, more precisely, risks. We have been led to believe that the most serious threat comes from the stereotypical young socially dysfunctional male sitting in front of the family computer until the wee hours of the morning wrecking havoc on governments and the corporate world1 (Denning, 1999; Rogers & Ogloff, 2003). The media also paint a dismal picture regarding the current state of information security preparedness. Vendors bombard us with marketing perpetuating the myth that we are helpless at the hands of these marauders—unless, of course, we buy their product. It is no wonder we ...