NU author(s): Dr Simon Parkin, Professor Aad van Moorsel
In this paper we explore the need to understand the human-behavioral factors within an organization's information security management processes. We frame this investigation around the development of an information security ontology. This ontology is intended for use within organizations that aim not only to maintain compliance with external standards, but also to consider and adjust the attitude towards security exhibited by those within the organization. We provide an ontology that combines an information security standard (in this case ISO27002) with a representation of the human-behavioral implications of information security management decisions. Our ontology explicitly represents the human-behavioral concerns attached to specific security processes and policy decisions, and so encourages consideration of how individuals behave towards technical security controls. We demonstrate the use of our ontology with an applied example concerning the management of an organization's password policy. This example illustrates how a password configuration may be perceived by individuals within the organization, and how this perception alters their behavior and consequently the attitude to information security in the workplace.
Author(s): Parkin S E, van Moorsel A
Publication type: Report
Publication status: Published
Series Title: School of Computing Science Technical Report Series
Year: 2009
Pages: 15
Print publication date: 01/02/2009
Source Publication Date: February 2009
Report Number: 1139
Institution: School of Computing Science, University of Newcastle upon Tyne
Place Published: Newcastle upon Tyne
URL: http://www.cs.ncl.ac.uk/publications/trs/papers/1139.pdf