An Information Security Ontology Incorporating Human-Behavioural Implications

Lookup NU author(s): Dr Simon Parkin, Professor Aad van Moorsel

Downloads

Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Abstract

Security managers often regard human behaviour as a security liability, but they should accommodate it within their organisation’s information security management procedures. To further the comprehension of human-behavioural factors we develop an information security ontology. This ontology is intended for organisations that aim to maintain compliance with external standards (in this case ISO27002) while considering the security behaviours of individuals within the organisation. We demonstrate use of our ontology with an applied example concerning management of an organisation’s password policy, and how it may be perceived by individuals in the organisation. We formally represent information security controls and findings regarding human behaviour, and relate these to each other and the accomplishment of standards compliance. In doing so we provide a model that information security managers can use to consider the impact of their security management decisions.


Publication metadata

Author(s): Parkin SE, van Moorsel A, Coles R

Editor(s): Elçi, A., Orgun, M. A., Chefranov, A.

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: SIN'09. Proceedings of the Second International Conference on Security of Information and Networks

Year of Conference: 2009

Pages: 46-55

Date deposited: 24/09/2010

Publisher: ACM

