Title

A situation awareness model for information security risk management

Document Type

Journal Article

Publisher

Elsevier

Faculty

Faculty of Health, Engineering and Science

School

ECU Security Research Institute

RAS ID

18288

Comments

This article was originally published as: Webb, J., Ahmad, A. , Maynard, S., & Shanks, G. (2014). A situation awareness model for information security risk management. Computers and Security, 44(July 2014), 1-15. Original article available here

Abstract

Information security risk management (ISRM) is the primary means by which organizations preserve the confidentiality, integrity and availability of information resources. A review of ISRM literature identified deficiencies in the practice of information security risk assessment that inevitably lead to poor decision-making and inadequate or inappropriate security strategies. In this conceptual paper, we propose a situation aware ISRM (SA-ISRM) process model to complement the information security risk management process. Our argument is that the model addresses the aforementioned deficiencies through an enterprise-wide collection, analysis and reporting of risk-related information. The SA-ISRM model is adapted from Endsley's situation awareness model and has been refined using our findings from a case study of the US national security intelligence enterprise.

DOI

10.1016/j.cose.2014.04.005

Share

 
COinS