A situation awareness model for information security risk management

Cited by: 86
Authors
Webb, Jeb [1]
Ahmad, Atif [1]
Maynard, Sean B. [1]
Shanks, Graeme [1]
Affiliations
[1] Univ Melbourne, Melbourne Sch Engn, Dept Comp & Informat Syst, Melbourne, Vic 3172, Australia
Keywords
Information security management; Information security risk management; Information security intelligence; Information security compliance; Information security investigation; Evidence-based information security; Situation awareness; Situation awareness theory; TRACKING; DESIGN;
DOI
10.1016/j.cose.2014.04.005
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise. (C) 2014 Elsevier Ltd. All rights reserved.
Pages: 1 / 15
Number of pages: 15
Related papers
50 in total
  • [21] Situation awareness model of network security based on grey Verhulst model
    School of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China
    Unknown
    [J]. Harbin Gongye Daxue Xuebao, 2008, 5 (798-801):
  • [22] Information security and risk management
    Bodin, Lawrence D.
    Gordon, Lawrence A.
    Loeb, Martin P.
    [J]. COMMUNICATIONS OF THE ACM, 2008, 51 (04) : 64 - 68
  • [23] The Information Security Risk Management
    Semin, Valeriy G.
    Shmakova, Elena G.
    Los, Lexei B.
    [J]. PROCEEDINGS OF THE 2017 INTERNATIONAL CONFERENCE QUALITY MANAGEMENT,TRANSPORT AND INFORMATION SECURITY, INFORMATION TECHNOLOGIES (IT&QM&IS), 2017, : 106 - 109
  • [24] Danger Theory Inspired Model for Network Security Situation Awareness
    Sun, Feixian
    [J]. 2010 SECOND INTERNATIONAL CONFERENCE ON E-LEARNING, E-BUSINESS, ENTERPRISE INFORMATION SYSTEMS, AND E-GOVERNMENT (EEEE 2010), VOL II, 2010, : 145 - 148
  • [25] A Cyberspace Security Situation Awareness Model Based on Complex Network
    Wu, Zhitao
    Liu, Jie
    Xu, Siyan
    [J]. PROCEEDINGS OF 2016 11TH INTERNATIONAL CONFERENCE ON RELIABILITY, MAINTAINABILITY AND SAFETY (ICRMS'2016): INTEGRATING BIG DATA, IMPROVING RELIABILITY & SERVING PERSONALIZATION, 2016,
  • [26] Network Security Situation Awareness Model-Inspired by Immune
    Luo, Yixiang
    Zhao, Minghua
    Zhang, Qunyan
    Zou, Ajin
    [J]. MANUFACTURING SYSTEMS AND INDUSTRY APPLICATIONS, 2011, 267 : 635 - 638
  • [27] Danger Theory Inspired Model for Network Security Situation Awareness
    Sun, Feixian
    [J]. 2011 INTERNATIONAL CONFERENCE ON INTELLIGENT COMPUTATION AND INDUSTRIAL APPLICATION (ICIA2011), VOL III, 2011, : 520 - 523
  • [28] A Situation Awareness Approach for Network Security Using the Fusion Model
    Zhao, Dongmei
    Wu, Yaxing
    Zhang, Hongbin
    [J]. MOBILE INFORMATION SYSTEMS, 2022, 2022
  • [29] A Network Security Situation Awareness Model Based on Artificial Immune
    Zhang Ruirui
    Xiao Xin
    [J]. ARCHITECTURE AND BUILDING MATERIALS, PTS 1 AND 2, 2011, 99-100 : 1218 - 1221
  • [30] Towards an Information Security Awareness Maturity Model
    Fertig, Tobias
    Schuetz, Andreas E.
    Weber, Kristin
    Mueller, Nicholas H.
    [J]. LEARNING AND COLLABORATION TECHNOLOGIES. HUMAN AND TECHNOLOGY ECOSYSTEMS, LCT 2020, PT II, 2020, 12206 : 587 - 599