Mitigating Insider Threats: Insights from Software Security Experts for Process Improvement and Risk Reduction

Dr Azzah Alghamdi; Mahmood Niazi; Lucas Carvalho Cordeiro; Mamoona Humayun; Andrew Stewart

doi:10.1145/3727967.3756845

Mitigating Insider Threats: Insights from Software Security Experts for Process Improvement and Risk Reduction

Dr Azzah Alghamdi
, Mahmood Niazi^*
, Lucas Carvalho Cordeiro
, Mamoona Humayun
, Andrew Stewart

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Context: Developing secure environments to mitigate insider threats is gaining popularity across various industrial domains. Organizations are unprepared and unfamiliar with this new genre of insider threats because research on the fundamental security practices required for developing secure environments is lacking.Objective: This study examines how software security experts perceive the effectiveness of best practices for improving the mitigating process of insider threats.Method: A systematic literature review (SLR) and a survey of 76 security practitioners from 74 countries, spanning 13 primary business functions of organizations and four distinct types of industries, were conducted to rate the effectiveness of the practices in mitigating insider threats.Results: Four key knowledge areas of secure environments against insider threats (compliance, top management, human resources (HR), and information technology (IT)) and the associated best practices for each knowledge area were identified. The survey results provide insight into the importance of each practice within the knowledge areas. The findings suggest potential implications of the best practices for improving the mitigating process of insider threats in future software projects.Conclusion: This study provides critical and timely insights into fundamental practices in order to improve the mitigation process of insider threats and educates software engineering professionals and researchers on the challenges and solutions for insider threats.

Original language	English
Title of host publication	Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025
Editors	Muhammad Ali Babar, Ayse Tosun, Stefan Wagner, Viktoria Stray
Publisher	Association for Computing Machinery, Inc
Pages	41-48
Number of pages	8
ISBN (Electronic)	9798400718328
DOIs	https://doi.org/10.1145/3727967.3756845
State	Published - 23 Dec 2025
Event	29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025 - Istanbul, Turkey Duration: 17 Jun 2025 → 20 Jun 2025

Publication series

Name	Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025

Conference

Conference	29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025
Country/Territory	Turkey
City	Istanbul
Period	17/06/25 → 20/06/25

Bibliographical note

Publisher Copyright:
© 2025 Copyright held by the owner/author(s).

Keywords

Best practices
Insider threats
Knowledge areas
Survey
Systematic literature review

ASJC Scopus subject areas

Software

Access to Document

10.1145/3727967.3756845

Cite this

Alghamdi, D. A., Niazi, M., Cordeiro, L. C., Humayun, M., & Stewart, A. (2025). Mitigating Insider Threats: Insights from Software Security Experts for Process Improvement and Risk Reduction. In M. A. Babar, A. Tosun, S. Wagner, & V. Stray (Eds.), Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025 (pp. 41-48). (Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025). Association for Computing Machinery, Inc. https://doi.org/10.1145/3727967.3756845

Alghamdi, Dr Azzah ; Niazi, Mahmood ; Cordeiro, Lucas Carvalho et al. / Mitigating Insider Threats : Insights from Software Security Experts for Process Improvement and Risk Reduction. Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025. editor / Muhammad Ali Babar ; Ayse Tosun ; Stefan Wagner ; Viktoria Stray. Association for Computing Machinery, Inc, 2025. pp. 41-48 (Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025).

@inproceedings{651591ab78cb45eeb1f787e55d08cfa5,

title = "Mitigating Insider Threats: Insights from Software Security Experts for Process Improvement and Risk Reduction",

abstract = "Context: Developing secure environments to mitigate insider threats is gaining popularity across various industrial domains. Organizations are unprepared and unfamiliar with this new genre of insider threats because research on the fundamental security practices required for developing secure environments is lacking.Objective: This study examines how software security experts perceive the effectiveness of best practices for improving the mitigating process of insider threats.Method: A systematic literature review (SLR) and a survey of 76 security practitioners from 74 countries, spanning 13 primary business functions of organizations and four distinct types of industries, were conducted to rate the effectiveness of the practices in mitigating insider threats.Results: Four key knowledge areas of secure environments against insider threats (compliance, top management, human resources (HR), and information technology (IT)) and the associated best practices for each knowledge area were identified. The survey results provide insight into the importance of each practice within the knowledge areas. The findings suggest potential implications of the best practices for improving the mitigating process of insider threats in future software projects.Conclusion: This study provides critical and timely insights into fundamental practices in order to improve the mitigation process of insider threats and educates software engineering professionals and researchers on the challenges and solutions for insider threats.",

keywords = "Best practices, Insider threats, Knowledge areas, Survey, Systematic literature review",

author = "Alghamdi, \{Dr Azzah\} and Mahmood Niazi and Cordeiro, \{Lucas Carvalho\} and Mamoona Humayun and Andrew Stewart",

note = "Publisher Copyright: {\textcopyright} 2025 Copyright held by the owner/author(s).; 29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025 ; Conference date: 17-06-2025 Through 20-06-2025",

year = "2025",

month = dec,

day = "23",

doi = "10.1145/3727967.3756845",

language = "English",

series = "Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025",

publisher = "Association for Computing Machinery, Inc",

pages = "41--48",

editor = "Babar, \{Muhammad Ali\} and Ayse Tosun and Stefan Wagner and Viktoria Stray",

booktitle = "Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025",

}

Alghamdi, DA, Niazi, M, Cordeiro, LC, Humayun, M & Stewart, A 2025, Mitigating Insider Threats: Insights from Software Security Experts for Process Improvement and Risk Reduction. in MA Babar, A Tosun, S Wagner & V Stray (eds), Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025. Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025, Association for Computing Machinery, Inc, pp. 41-48, 29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025, Istanbul, Turkey, 17/06/25. https://doi.org/10.1145/3727967.3756845

Mitigating Insider Threats: Insights from Software Security Experts for Process Improvement and Risk Reduction. / Alghamdi, Dr Azzah; Niazi, Mahmood; Cordeiro, Lucas Carvalho et al.
Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025. ed. / Muhammad Ali Babar; Ayse Tosun; Stefan Wagner; Viktoria Stray. Association for Computing Machinery, Inc, 2025. p. 41-48 (Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Mitigating Insider Threats

T2 - 29th International Conference on Evaluation and Assessment of Software Engineering, EASE 2025

AU - Alghamdi, Dr Azzah

AU - Niazi, Mahmood

AU - Cordeiro, Lucas Carvalho

AU - Humayun, Mamoona

AU - Stewart, Andrew

PY - 2025/12/23

Y1 - 2025/12/23

N2 - Context: Developing secure environments to mitigate insider threats is gaining popularity across various industrial domains. Organizations are unprepared and unfamiliar with this new genre of insider threats because research on the fundamental security practices required for developing secure environments is lacking.Objective: This study examines how software security experts perceive the effectiveness of best practices for improving the mitigating process of insider threats.Method: A systematic literature review (SLR) and a survey of 76 security practitioners from 74 countries, spanning 13 primary business functions of organizations and four distinct types of industries, were conducted to rate the effectiveness of the practices in mitigating insider threats.Results: Four key knowledge areas of secure environments against insider threats (compliance, top management, human resources (HR), and information technology (IT)) and the associated best practices for each knowledge area were identified. The survey results provide insight into the importance of each practice within the knowledge areas. The findings suggest potential implications of the best practices for improving the mitigating process of insider threats in future software projects.Conclusion: This study provides critical and timely insights into fundamental practices in order to improve the mitigation process of insider threats and educates software engineering professionals and researchers on the challenges and solutions for insider threats.

AB - Context: Developing secure environments to mitigate insider threats is gaining popularity across various industrial domains. Organizations are unprepared and unfamiliar with this new genre of insider threats because research on the fundamental security practices required for developing secure environments is lacking.Objective: This study examines how software security experts perceive the effectiveness of best practices for improving the mitigating process of insider threats.Method: A systematic literature review (SLR) and a survey of 76 security practitioners from 74 countries, spanning 13 primary business functions of organizations and four distinct types of industries, were conducted to rate the effectiveness of the practices in mitigating insider threats.Results: Four key knowledge areas of secure environments against insider threats (compliance, top management, human resources (HR), and information technology (IT)) and the associated best practices for each knowledge area were identified. The survey results provide insight into the importance of each practice within the knowledge areas. The findings suggest potential implications of the best practices for improving the mitigating process of insider threats in future software projects.Conclusion: This study provides critical and timely insights into fundamental practices in order to improve the mitigation process of insider threats and educates software engineering professionals and researchers on the challenges and solutions for insider threats.

KW - Best practices

KW - Insider threats

KW - Knowledge areas

KW - Survey

KW - Systematic literature review

UR - https://www.scopus.com/pages/publications/105026932997

U2 - 10.1145/3727967.3756845

DO - 10.1145/3727967.3756845

M3 - Conference contribution

AN - SCOPUS:105026932997

T3 - Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025

SP - 41

EP - 48

BT - Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025

A2 - Babar, Muhammad Ali

A2 - Tosun, Ayse

A2 - Wagner, Stefan

A2 - Stray, Viktoria

PB - Association for Computing Machinery, Inc

Y2 - 17 June 2025 through 20 June 2025

ER -

Alghamdi DA, Niazi M, Cordeiro LC, Humayun M, Stewart A. Mitigating Insider Threats: Insights from Software Security Experts for Process Improvement and Risk Reduction. In Babar MA, Tosun A, Wagner S, Stray V, editors, Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025. Association for Computing Machinery, Inc. 2025. p. 41-48. (Proceedings of the 29th International Conference on Evaluation and Assessment in Software Engineering , EASE, 2025 edition, EASE Companion 2025). doi: 10.1145/3727967.3756845

Mitigating Insider Threats: Insights from Software Security Experts for Process Improvement and Risk Reduction

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this