A Multi-Domain Approach for Security Compliance, Insider Threat Modelling and Risk Management

  • Tesleem Fagade

Student thesis: Doctoral Thesis, Doctor of Philosophy (PhD)

Abstract

Information security is fundamentally concerned with the confidentiality, integrity and availability of information assets at all times. However, given the ubiquitous nature of information systems and organisations’ growing reliance on large-scale interconnected networks, the prevalence and impact of cyber-attacks will continue to rise.

The problem of cybersecurity risk management in corporate organisations is non-trivial; hence, tools that truly satisfy the holistic management of information security are difficult to construct and not readily available. The work described in this thesis presents a multi-domain approach to support comprehensive security management in organisations. This global objective is achieved through the evaluation of a compliant security model and of how employees rationalise security behaviour, using some ISO/IEC 27001 certified banking organisations as a regional case study. The study investigates the internal and contextual factors that drive individual security behaviour intentions. Based on characteristics that have been proven to influence human behaviour, such as personality traits, emotional states, and psychosocial and cognitive capabilities, this work used values from these attributes, in combination with security data breach reports, to develop a conceptual model that represents the possible predictor of malicious insider activities. Also, in order to encapsulate the problems under consideration, this study explores how organisations can optimise resource allocation for security investment, a feat that is often affected by intrinsically uncertain variables and disparities in resource allocation decisions. The work presented in this thesis is based on a review of existing theories that focus on human behaviour within the context of information security and criminology. The findings from this study also identified several factors that could strongly project the intention to violate security protocols, and the results significantly increase our understanding of the elements required in support of holistic security management. This study has implications for security professionals and organisational security management.
Date of Award: 25 Sept 2018
Original language: English
Awarding Institution:
  • University of Bristol
Supervisor: Theo Tryfonas (Supervisor)
