
Open Access

An Information Security Ontology Incorporating Human-Behavioral Implications

NU author(s): Dr Simon Parkin, Professor Aad van Moorsel


Abstract

In this paper we explore the need to understand the human-behavioral factors within an organization's information security management processes. We frame this investigation around development of an information security ontology. This ontology is intended for use within organizations that aim not only to maintain compliance with external standards, but also to consider and adjust the attitude towards security as exhibited by those within the organization. We provide an ontology that combines information security standards (in this case ISO27002) and representation of the human-behavioral implications of information security management decisions. Our ontology explicitly represents the human-behavioral concerns attached to specific security processes and policy decisions. As such it encourages consideration of the security behavior of individuals towards technical security controls. We demonstrate use of our ontology with an applied example concerning management of an organization's password policy. This example illustrates how password configuration may be perceived by individuals within the organization, and how this perception alters their behavior and consequently the attitude to information security in the workplace.


Publication metadata

Author(s): Parkin S E, van Moorsel A

Publication type: Report

Publication status: Published

Series Title: School of Computing Science Technical Report Series

Year: 2009

Pages: 15

Print publication date: 01/02/2009

Source Publication Date: February 2009

Report Number: 1139

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne

URL: http://www.cs.ncl.ac.uk/publications/trs/papers/1139.pdf

