Abstract
With the rapid expansion of the Internet alongside the adoption of Digital Transformation (DX), the number of information security incidents has increased and diversified. Incidents of information leakage and loss have increased in particular, and internal fraud and inattention (i.e., human psychological risk) are attracting attention as causes of these incidents. In this paper, we focus on the psychological aspects of internal fraud and propose appropriate risk countermeasures. We first extracted 50 security incidents involving internal fraud over the past ten years and then identified the “factors behind” them using the “five whys” technique. We then classified these factors on the basis of the fraud triangle theory and other factors and derived 12 common factors. Finally, we proposed various risk countermeasures such as “mutual inter-checking” and investigated their effectiveness through qualitative evaluation. Our findings contribute to the reduction of information security incidents caused by psychological factors.
Acknowledgements
This work was supported by JSPS KAKENHI Grant Number JP 19H04098.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Tanimoto, S., Suzuki, T., Hatashima, T., Kanai, A. (2022). Common Factor Analysis of Information Security Incidents Based on Psychological Factors. In: Barolli, L., Miwa, H., Enokido, T. (eds) Advances in Network-Based Information Systems. NBiS 2022. Lecture Notes in Networks and Systems, vol 526. Springer, Cham. https://doi.org/10.1007/978-3-031-14314-4_25
DOI: https://doi.org/10.1007/978-3-031-14314-4_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-14313-7
Online ISBN: 978-3-031-14314-4
eBook Packages: Intelligent Technologies and Robotics (R0)