Article code | Journal code | Publication year | English article | Full-text version |
---|---|---|---|---|
456429 | 695716 | 2014 | 15-page PDF | Free download |
• We identify from literature 3 deficiencies in information security risk assessment.
• We develop a security situational awareness (SA) model from Endsley's SA theory.
• We refine our model through an in-depth case study of the US intelligence enterprise.
• We show how SA can be developed using an intelligence-driven approach.
Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise.
Journal: Computers & Security - Volume 44, July 2014, Pages 1–15