A situation awareness model for information security risk management

Cited by: 86
Authors
Webb, Jeb [1]
Ahmad, Atif [1]
Maynard, Sean B. [1]
Shanks, Graeme [1]
Affiliations
[1] Univ Melbourne, Melbourne Sch Engn, Dept Comp & Informat Syst, Melbourne, Vic 3172, Australia
Keywords
Information security management; Information security risk management; Information security intelligence; Information security compliance; Information security investigation; Evidence-based information security; Situation awareness; Situation awareness theory; TRACKING; DESIGN;
DOI
10.1016/j.cose.2014.04.005
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise. (C) 2014 Elsevier Ltd. All rights reserved.
Pages: 1 / 15
Page count: 15
Related papers
50 in total
  • [1] Relating Wiener's cybernetics aspects and a situation awareness model implementation for information security risk management
    Anjaria, Kushal
    Mishra, Arun
    [J]. KYBERNETES, 2018, 47 (01) : 58 - 79
  • [2] Information security management: An information security retrieval and awareness model for industry
    Kritzinger, E.
    Smith, E.
    [J]. COMPUTERS & SECURITY, 2008, 27 (5-6) : 224 - 231
  • [3] Model for Sharing the Information of Cyber Security Situation Awareness between Organizations
    Kokkonen, Tero
    Hautamaki, Jari
    Siltanen, Jarmo
    Hamalainen, Timo
    [J]. 2016 23RD INTERNATIONAL CONFERENCE ON TELECOMMUNICATIONS (ICT), 2016,
  • [4] Towards Developing a Security Situation Management Information Exchange Model
    Finke, Michael
    Stelkens-Kobsch, Tim
    Kolev, Denis
    Lahaije, Raoul
    Koelle, Rainer
    [J]. 2017 INTEGRATED COMMUNICATIONS, NAVIGATION AND SURVEILLANCE CONFERENCE (ICNS), 2017,
  • [5] A situation awareness system for the information security of power grid
    Xie, Ming
    Chen, Zhubin
    [J]. Journal of Computers (Taiwan), 2020, 31 (01) : 192 - 198
  • [6] Information security risk assessment model for risk management
    Wawrzyniak, Dariusz
    [J]. TRUST, PRIVACY, AND SECURITY IN DIGITAL BUSINESS, PROCEEDINGS, 2006, 4083 : 21 - 30
  • [7] Network Security Risk Assessment Model and Method Based on Situation Awareness and CORAS
    Qi, Yong
    Wang, Yan
    Li, Qianmu
    [J]. INSTRUMENTATION, MEASUREMENT, CIRCUITS AND SYSTEMS, 2012, 127 : 191 - 204
  • [8] Security Situation Awareness Model of Logistic Unified Information System under Internet of Things
    Lin Xing-zhi
    [J]. 2011 INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING AND MULTIMEDIA COMMUNICATION, 2011, : 373 - 376
  • [9] A novel situation awareness model for network systems' security
    Zhao, Guosheng
    Wang, Huiqiang
    Wang, Jian
    Shen, Linshan
    [J]. COMPUTATIONAL SCIENCE - ICCS 2007, PT 3, PROCEEDINGS, 2007, 4489 : 1077 - +
  • [10] From Situation Awareness to Action: An Information Security Management Toolkit for Socio-technical Security Retrospective and Prospective Analysis
    Huynen, Jean-Louis
    Lenzini, Gabriele
    [J]. ICISSP: PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY, 2017, : 213 - 224