An Information Security Management for Socio-Technical Analysis of System Security

被引：0

作者：

Huynen, Jean-Louis ^{[1
]}

Lenzini, Gabriele ^{[1
]}

机构：

[1] Univ Luxembourg, Interdisciplinary Ctr Secur Reliabil & Trust SnT, Esch Sur Alzette, Luxembourg

来源：

INFORMATION SYSTEMS SECURITY AND PRIVACY | 2018年 / 867卷

关键词：

Socio-technical security; Information Security Management and Reasoning; Root Cause Analysis;

D O I：

10.1007/978-3-319-93354-2_11

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Concerned about the technical and social aspects at the root causes of security incidents and how they can hide security vulnerabilities we propose a methodology compatible with the Information Security Management life-cycle. Retrospectively, it supports analysts to reason about the socio-technical causes of observed incidents; prospectively, it helps designers account for human factors and remove potential socio-technical vulnerabilities from a system's design. The methodology, called S.CREAM, stems from practices in safety, but because of key differences between the two disciplines migrating concepts, techniques, and tools from safety to security requires a complete re-thinking. S.CREAM is supported by a tool, which we implemented. When available online it will assist security analysts and designers in their tasks. Using S.CREAM, we discuss potential socio-technical issues in the Yubikey's two-factor authentication device.

引用

页码：222 / 251

页数：30

共 50 条

[31] Human Factors in security: User-centred and socio-technical perspectives
Stedmon, Alex
Richards, Dale
Frumkin, Lara
Fussey, Peter
SECURITY JOURNAL, 2016, 29 (01) : 1 - 4
[32] Managing complex socio-technical systems: A proactive approach to airport security
Cole, Mara
Maurer, Maik
INTERNATIONAL JOURNAL OF KNOWLEDGE-BASED AND INTELLIGENT ENGINEERING SYSTEMS, 2014, 18 (03) : 191 - 200
[33] Human Factors in security: User-centred and socio-technical perspectives
Alex Stedmon
Dale Richards
Lara Frumkin
Peter Fussey
Security Journal, 2016, 29 : 1 - 4
[34] More socio-technical assessments of synthetic biology to inform security deliberations
Vogel, Kathleen M.
JOURNAL OF RESPONSIBLE INNOVATION, 2015, 2 (01) : 85 - 87
[35] STS-tool: Security requirements engineering for socio-technical systems
1600, Springer Verlag (8431):
[36] STS-tool: Security requirements engineering for socio-technical systems
1600, Springer Verlag (8431):
[37] Understanding Security Patterns for Socio-Technical Systems via Responsibility Modelling
Blyth, Andrew
2014 IEEE 8TH INTERNATIONAL SYMPOSIUM ON SERVICE ORIENTED SYSTEM ENGINEERING (SOSE), 2014, : 417 - 421
[38] Developing immunity to flight security risk: Prospective benefits from considering aviation security as a socio-technical eco-system
McFarlane P.
Hills M.
Journal of Transportation Security, 2013, 6 (3) : 221 - 234
[39] Information security culture - The socio-cultural dimension in information security management
Schlienger, T
Teufel, S
SECURITY IN THE INFORMATION SOCIETY: VISIONS AND PERSPECTIVES, 2002, 86 : 191 - 201
[40] Requirements analysis for socio-technical system design
Sutcliffe, AG
INFORMATION SYSTEMS, 2000, 25 (03) : 213 - 233

← 1 2 3 4 5 →