Title

A situation awareness model for information security risk management

Document Type

Journal Article

Publisher

Elsevier

Faculty

Faculty of Health, Engineering and Science

School

ECU Security Research Institute/ECU Security Research Institute

RAS ID

18288

Comments

This article was originally published as: Webb, J., Ahmad, A. , Maynard, S., & Shanks, G. (2014). A situation awareness model for information security risk management. Computers and Security, 44(July 2014), 1-15. Original article available here

Abstract

Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise.

DOI

10.1016/j.cose.2014.04.005

Access Rights

Not open access

Share

 
COinS