A situation awareness model for information security risk management
Document Type
Journal Article
Publisher
Elsevier
Faculty
Faculty of Health, Engineering and Science
School
ECU Security Research Institute
RAS ID
18288
Abstract
Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise.
DOI
10.1016/j.cose.2014.04.005
Access Rights
subscription content
Comments
Webb, J., Ahmad, A. , Maynard, S., & Shanks, G. (2014). A situation awareness model for information security risk management. Computers and Security, 44(July 2014), 1-15. Available here