Toggle Main Menu Toggle Search

Open Access padlockePrints

An Information Security Ontology Incorporating Human-Behavioural Implications

Lookup NU author(s): Dr Simon Parkin, Professor Aad van Moorsel


Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Security managers often regard human behaviour as a security liability, but they should accommodate it within their organisation’s information security management procedures. To further the comprehension of human-behavioural factors we develop an information security ontology. This ontology is intended for organisations that aim to maintain compliance with external standards (in this case ISO27002) while considering the security behaviours of individuals within the organisation. We demonstrate use of our ontology with an applied example concerning management of an organisation’s password policy, and how it may be perceived by individuals in the organisation. We formally represent information security controls and findings regarding human behaviour, and relate these to each other and the accomplishment of standards compliance. In doing so we provide a model that information security managers can use to consider the impact of their security management decisions.

Publication metadata

Author(s): Parkin SE, van Moorsel A, Coles R

Editor(s): Elçi, A., Orgun, M. A., Chefranov, A.

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: SIN'09. Proceedings of the Second International Conference on Security of Information and Networks

Year of Conference: 2009

Pages: 46-55

Date deposited: 24/09/2010

Publisher: ACM