A situation awareness model for information security risk management
Abstract
Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise.
RAS ID
18288
Document Type
Journal Article
Date of Publication
1-1-2014
Faculty
Faculty of Health, Engineering and Science
School
ECU Security Research Institute
Copyright
subscription content
Publisher
Elsevier
Comments
Webb, J., Ahmad, A. , Maynard, S., & Shanks, G. (2014). A situation awareness model for information security risk management. Computers and Security, 44(July 2014), 1-15. Available here