INTEGRATING TECHNICAL APPROACHES, ORGANISATIONAL ISSUES, AND HUMAN FACTORS IN SECURITY RISK ASSESSMENT BY ORGANISING SECURITY RELATED QUESTIONS

Lili Yang, Malcolm King, Shuang Hua Yang

Abstract

This paper aims to develop a multiple perspective framework for employee security risk assessment by simultaneously, not sequentially, addressing three distinct perspectives: technical, organisational, and human factor perspectives. Interactions between technical approaches and human factors, and between organisational issues and human factors are investigated. A security related question library that integrates organisational culture and human factors with network security risk assessment in a BS ISO/IEC 27001 compliant environment is established in order to identify security vulnerabilities.

Paper Citation


in Harvard Style

Yang L., King M. and Hua Yang S. (2008). INTEGRATING TECHNICAL APPROACHES, ORGANISATIONAL ISSUES, AND HUMAN FACTORS IN SECURITY RISK ASSESSMENT BY ORGANISING SECURITY RELATED QUESTIONS. In Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-989-8111-38-8, pages 311-315. DOI: 10.5220/0001711603110315


in Bibtex Style

@conference{iceis08,
author={Lili Yang and Malcolm King and Shuang Hua Yang},
title={INTEGRATING TECHNICAL APPROACHES, ORGANISATIONAL ISSUES, AND HUMAN FACTORS IN SECURITY RISK ASSESSMENT BY ORGANISING SECURITY RELATED QUESTIONS},
booktitle={Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 3: ICEIS},
year={2008},
pages={311-315},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001711603110315},
isbn={978-989-8111-38-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 3: ICEIS
TI - INTEGRATING TECHNICAL APPROACHES, ORGANISATIONAL ISSUES, AND HUMAN FACTORS IN SECURITY RISK ASSESSMENT BY ORGANISING SECURITY RELATED QUESTIONS
SN - 978-989-8111-38-8
AU - Yang L.
AU - King M.
AU - Hua Yang S.
PY - 2008
SP - 311
EP - 315
DO - 10.5220/0001711603110315