December 9 – 12 , 2012, Dagstuhl Seminar 12501

Organizational Processes for Supporting Sustainable Security


Lizzie Coles-Kemp (Royal Holloway University of London, GB)
Carrie Gates (CA Labs – Islandia, US)
Dieter Gollmann (TU Hamburg-Harburg, DE)
Jeffrey Hunker (Point Park University – Pittsburgh, US)
Sean Peisert (University of California – Davis, US)

For support, please contact

Dagstuhl Service Team


Dagstuhl Report, Volume 2, Issue 12 Dagstuhl Report
List of Participants


The Dagstuhl seminar "Designing for process resilience to insider threats" was held on December 10--12th December, 2012 (Seminar #12501) to advance our understanding of ways of reducing insider threats through the design of resilient organizational processes.

The 2012 seminar built on the results of its predecessor from 2010 ( Insider Threats: Strategies for Prevention, Mitigation, and Response, #10341.) In this seminar we developed a shared, inter-disciplinary definition of the insider and a good formulation for a taxonomy or framework that characterizes insider threats. The seminar also began to explore how organizational considerations might better be incorporated into addressing insider threats.

The purpose of the 2012 seminar was to build on the understanding of the classification of the insider threat as a type of informed threat and the design requirements for tools and policies to respond to this category of threat that we had gained from the 2008 and 2010 Dagstuhl seminars on insider threats (Countering Insider Threats, #08302, and Insider Threats: Strategies for Prevention, Mitigation, and Response, #10341). Our goal was to explore what makes organizational processes resilient to insider threats. The exploration of organizational processes required us to consider the fluid set of informed actors against organizations whose processes and boundaries can be dynamic. It also required us to conceptualise threats and vulnerabilities as "emergent". The conclusions from the previous seminars had resulted in the insight that resilient organizational processes are more resilient with respect to insider threats and more capable of limiting the damage from insider attacks. We also had the insight that resiliency appears to stem from usable, effective, and efficient security having been built into the organizational processes.

The seminar participants contained a carefully balanced mix of social and computer scientists and practitioners in order to explore the technological, organizational and social dimensions of the organizational process and its implementation. In order to productively combine the skills of the different disciplines and perspectives represented, the seminar started with a series of provocations. Debi Ashenden presented a provocation about the competing and sometimes conflicting uses of gamefication in the UK military setting. Kai-Uwe Loser presented a grounded example of personal data management practices and the conflicting perceptions of policy compliance that emerged within the example. Trish Williams presented a provocation about the value of big data in the case of electronic health data.

These design principles reflect a start point for future work on the design of organizational processes that are sustainably secure. Seminar organizers intend to produce a book that extends and explores these principles.

Dagstuhl Seminar Series


  • Modelling/Simulation
  • Security/Cryptology
  • Society/HCI


  • Insider Threat
  • Security Policies
  • Threat Modelling


In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.


Download overview leaflet (PDF).

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.


Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.