{"id":"https://openalex.org/W7116965241","doi":"https://doi.org/10.1145/3727967.3756845","title":"Mitigating Insider Threats: Insights from Software Security Experts for Process Improvement and Risk Reduction","display_name":"Mitigating Insider Threats: Insights from Software Security Experts for Process Improvement and Risk Reduction","publication_year":2025,"publication_date":"2025-06-17","ids":{"openalex":"https://openalex.org/W7116965241","doi":"https://doi.org/10.1145/3727967.3756845"},"language":null,"primary_location":{"id":"doi:10.1145/3727967.3756845","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756845","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3727967.3756845","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102762464","display_name":"Azzah AlGhamdi","orcid":"https://orcid.org/0000-0001-9047-1727"},"institutions":[{"id":"https://openalex.org/I76571253","display_name":"Imam Abdulrahman Bin Faisal University","ror":"https://ror.org/038cy8j79","country_code":"SA","type":"education","lineage":["https://openalex.org/I76571253"]}],"countries":["SA"],"is_corresponding":true,"raw_author_name":"Dr. Azzah Alghamdi","raw_affiliation_strings":["Imam Abdalrhman Bin Faisal University, Dammam, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-9047-1727","affiliations":[{"raw_affiliation_string":"Imam Abdalrhman Bin Faisal University, Dammam, Saudi Arabia","institution_ids":["https://openalex.org/I76571253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055298803","display_name":"MAHMOOD NIAZI","orcid":null},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Mahmood Niazi","raw_affiliation_strings":["King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-7318-7644","affiliations":[{"raw_affiliation_string":"King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121060539","display_name":"Lucas Carvalho Cordeiro","orcid":null},"institutions":[{"id":"https://openalex.org/I28407311","display_name":"University of Manchester","ror":"https://ror.org/027m9bs27","country_code":"GB","type":"education","lineage":["https://openalex.org/I28407311"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Lucas Carvalho Cordeiro","raw_affiliation_strings":["University of Manchester, Manchester, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-6235-4272","affiliations":[{"raw_affiliation_string":"University of Manchester, Manchester, United Kingdom","institution_ids":["https://openalex.org/I28407311"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027472030","display_name":"Mamoona Humayun","orcid":"https://orcid.org/0000-0001-6339-2257"},"institutions":[{"id":"https://openalex.org/I877107187","display_name":"University of Roehampton","ror":"https://ror.org/043071f54","country_code":"GB","type":"education","lineage":["https://openalex.org/I877107187"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Mamoona Humayun","raw_affiliation_strings":["University of Roehampton, London, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0001-6339-2257","affiliations":[{"raw_affiliation_string":"University of Roehampton, London, United Kingdom","institution_ids":["https://openalex.org/I877107187"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5011469121","display_name":"Andrew Stewart","orcid":"https://orcid.org/0000-0002-9795-4104"},"institutions":[{"id":"https://openalex.org/I28407311","display_name":"University of Manchester","ror":"https://ror.org/027m9bs27","country_code":"GB","type":"education","lineage":["https://openalex.org/I28407311"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Andrew Stewart","raw_affiliation_strings":["University of Manchester, Manchester, United Kingdom"],"raw_orcid":"https://orcid.org/0000-0002-9795-4104","affiliations":[{"raw_affiliation_string":"University of Manchester, Manchester, United Kingdom","institution_ids":["https://openalex.org/I28407311"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5102762464"],"corresponding_institution_ids":["https://openalex.org/I76571253"],"apc_list":null,"apc_paid":null,"fwci":2.9051,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.94177282,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"41","last_page":"48"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9020000100135803,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9020000100135803,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.009100000374019146,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13295","display_name":"Safety Systems Engineering in Autonomy","score":0.008100000210106373,"subfield":{"id":"https://openalex.org/subfields/2213","display_name":"Safety, Risk, Reliability and Quality"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.6984999775886536},{"id":"https://openalex.org/keywords/popularity","display_name":"Popularity","score":0.5968000292778015},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5133000016212463},{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.48010000586509705},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.38999998569488525},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.382999986410141},{"id":"https://openalex.org/keywords/security-management","display_name":"Security management","score":0.3700000047683716}],"concepts":[{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.6984999775886536},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.6025999784469604},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5985000133514404},{"id":"https://openalex.org/C2780586970","wikidata":"https://www.wikidata.org/wiki/Q1357284","display_name":"Popularity","level":2,"score":0.5968000292778015},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5133000016212463},{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.48010000586509705},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4250999987125397},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.38999998569488525},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.382999986410141},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.3700000047683716},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3643999993801117},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.3637999892234802},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.34470000863075256},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.32899999618530273},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.326200008392334},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.29440000653266907},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.29260000586509705},{"id":"https://openalex.org/C111335779","wikidata":"https://www.wikidata.org/wiki/Q3454686","display_name":"Reduction (mathematics)","level":2,"score":0.28850001096725464},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.28450000286102295},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.28119999170303345},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.2799000144004822},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.26980000734329224}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3727967.3756845","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756845","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3727967.3756845","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3727967.3756845","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Partnerships for the goals","id":"https://metadata.un.org/sdg/17","score":0.40269967913627625}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W2200701466","https://openalex.org/W2553751163","https://openalex.org/W2612644819","https://openalex.org/W2735864825","https://openalex.org/W2919703838","https://openalex.org/W3051124794","https://openalex.org/W3083528220","https://openalex.org/W4232977219","https://openalex.org/W4285248702","https://openalex.org/W4287889980"],"related_works":[],"abstract_inverted_index":{"Context:":[0],"Developing":[1],"secure":[2,37],"environments":[3,38],"to":[4],"mitigate":[5],"insider":[6,25],"threats":[7,26],"is":[8,39],"gaining":[9],"popularity":[10],"across":[11],"various":[12],"industrial":[13],"domains.":[14],"Organizations":[15],"are":[16],"unprepared":[17],"and":[18],"unfamiliar":[19],"with":[20],"this":[21],"new":[22],"genre":[23],"of":[24],"because":[27],"research":[28],"on":[29],"the":[30],"fundamental":[31],"security":[32],"practices":[33],"required":[34],"for":[35],"developing":[36],"lacking.":[40]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2025-12-23T23:15:37.779995","created_date":"2025-12-23T00:00:00"}