A situation awareness model for information security risk management

Cited by: 86
Authors
Webb, Jeb [1]
Ahmad, Atif [1]
Maynard, Sean B. [1]
Shanks, Graeme [1]
Affiliation
[1] Univ Melbourne, Melbourne Sch Engn, Dept Comp & Informat Syst, Melbourne, Vic 3172, Australia
Keywords
Information security management; Information security risk management; Information security intelligence; Information security compliance; Information security investigation; Evidence-based information security; Situation awareness; Situation awareness theory; TRACKING; DESIGN;
DOI
10.1016/j.cose.2014.04.005
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise. (C) 2014 Elsevier Ltd. All rights reserved.
Pages: 1 / 15
Page count: 15
Related papers
50 in total
  • [31] Situation Awareness and Risk Management Understanding the Notification Issues
    Morita, Plinio P.
    Burns, Catherine M.
    [J]. INTERNATIONAL PERSPECTIVES IN HEALTH INFORMATICS, 2011, 164 : 372 - 376
  • [32] Risk Management Model of Information Security in IC Manufacturing Industry
    Dai, Weihui
    Zhu, Qi
    Wang, Chunshi
    Zeng, Yujiao
    [J]. JOURNAL OF COMPUTERS, 2012, 7 (02) : 317 - 324
  • [33] Detection of Geographic Information System Security Hazards in the IoT Based on Network Security Situation Awareness
    Wang, Ben
    Zhao, Qing
    Wei, Guichen
    [J]. JOURNAL OF TESTING AND EVALUATION, 2024, 52 (03) : 1515 - 1526
  • [34] Peer to peer information management for tactical situation awareness systems
    Hinchion, F
    Mulgaonkar, P
    Wilkins, D
    Galuga, S
    [J]. MILCOM 2003 - 2003 IEEE MILITARY COMMUNICATIONS CONFERENCE, VOLS 1 AND 2, 2003, : 179 - 185
  • [35] Shared Situational Awareness in Information Security Incident Management
    Padayachee, Keshnee
    Worku, Elias
    [J]. 2017 12TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS (ICITST), 2017, : 479 - 483
  • [36] Information security management model
    Cribb, T
    Rao, A
    [J]. SAM'03: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND MANAGEMENT, VOLS 1 AND 2, 2003, : 654 - 657
  • [37] Intention Awareness Theory in Information Risk Engineering: Contrived Balance in Integrating Information Assurance and Situation Awareness
    Howard, Newton
    [J]. JOURNAL OF INFORMATION ASSURANCE AND SECURITY, 2013, 8 (01) : 9 - 16
  • [38] Situation awareness and security risk mitigation for integrated energy systems with the inclusion of power-to-gas model
    Chen, Houhe
    Shao, Junyan
    Jiang, Tao
    Zhang, Rufeng
    Li, Xue
    Li, Guoqing
    [J]. IET RENEWABLE POWER GENERATION, 2020, 14 (17) : 3327 - 3335
  • [39] APPLICATION OF ARTIFICIAL INTELLIGENCE TECHNOLOGY IN ELECTROMECHANICAL INFORMATION SECURITY SITUATION AWARENESS SYSTEM
    Liu, Xiangying
    Li, Zhiqiang
    Tang, Zhuwei
    Zhang, Xiang
    Wang, Hongxia
    [J]. SCALABLE COMPUTING-PRACTICE AND EXPERIENCE, 2024, 25 (01) : 127 - 136
  • [40] A Conceptual Model for Risk-Based Situation Awareness
    Naderpour, Mohsen
    Lu, Jie
    Kerre, Etienne
    [J]. FOUNDATIONS OF INTELLIGENT SYSTEMS (ISKE 2011), 2011, 122 : 297 - +