A situation awareness model for information security risk management

Abstract

Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise.

RAS ID

18288

Document Type

Journal Article

Date of Publication

1-1-2014

Faculty

Faculty of Health, Engineering and Science

School

ECU Security Research Institute

Copyright

subscription content

Publisher

Elsevier

Comments

Webb, J., Ahmad, A. , Maynard, S., & Shanks, G. (2014). A situation awareness model for information security risk management. Computers and Security, 44(July 2014), 1-15. Available here

Share

 
COinS
 

Link to publisher version (DOI)

10.1016/j.cose.2014.04.005