TY - JOUR TI - Information theft within different organizational types DO - https://doi.org/doi:10.7282/T3HD7XHF PY - 2015 AB - As the world becomes more connected through technology and the internet, words “identity theft” and “data breach” become part of everyday conversation, signaling the rise of those incidents. Major sources of identity theft and data breach from organizations include hacking, insider theft, stolen or lost IT devices, data exposure from websites, information exposure from mailing errors, and dumped documents. The most direct of these sources are hacking and insider theft. The increasing availability of information unfortunately comes with an increased risk of its exploitation. The goals of this dissertation are to determine which organizations are vulnerable to outside hacking and insider theft, to examine how the nature of a theft and the type of an organization influence the time needed to detect the crime, and to investigate whether or not these incidents experience seasonal variation. Guided by Rational Choice theory, this dissertation focuses on incidents of hacking and insider theft that occur within four types of organizations: business, education, healthcare/medical and government. This dissertation consists of two parts: analyses of information thefts at four types of organizations and IT security incidents at 24 U.S. federal agencies. An analysis of data collected from non-profit organizations, the Open Security Foundation and the Identity Theft Resource Center from 2007 to 2013 shows that the total number of reported information theft incidents is 1,895, among which hacking incidents make up 1,114 cases, and insider thefts comprise 781 cases. Additionally, U.S. federal agencies’ IT security incidents were analyzed using the White House reports of 2012 and 2013. These cases are analyzed by the method of theft, type and size of the organization in question, and the detection period of each incident. The “SCAREM” model are used to analyze the characteristics of those incidents. Incidents of seasonal time variances are examined as well. Findings indicate that the theft rates of hacking and insider incidents are likely to be higher in larger organizations. Insider theft typically goes unnoticed longer than any other instance of cyber infiltration within the majority of organizations. U.S. federal agencies show a positive correlation between organization size and the occurrences of IT security incidents. Occurrences of IT security incidents are unequally distributed among federal agencies. Incidents of mis-handled information show seasonal variations. Analyses with the concepts of “Risky organizations” indicate that larger federal agencies except NASA show more vulnerabilities to IT security incidents. This dissertation applies situational crime prevention strategies that may reduce the opportunities for offenders. Maintaining constant IT monitoring practices and trainings for protecting valuable assets, information and data are recommended. A more comprehensive database logging incidents of information theft and data breaches is necessary. KW - Criminal Justice KW - Data protection KW - Computer security KW - Identity theft LA - eng ER -