Authors:
Lili Yang (1); Malcolm King (1) and Shuang Hua Yang (2)
Affiliations:
(1) Business School, Loughborough University, United Kingdom; (2) Loughborough University, United Kingdom
Keyword(s):
Computer network, employee security risk assessment, organisational issue, human factors.
Related Ontology Subjects/Areas/Topics:
Enterprise Information Systems; Formal Methods; Information Systems Analysis and Specification; Methodologies and Technologies; Operational Research; Security; Simulation and Modeling
Abstract:
This paper aims to develop a multiple perspective framework for employee security risk assessment by simultaneously, not sequentially, addressing three distinct perspectives: technical, organisational, and human factor perspectives. Interactions between technical approaches and human factors, and between organisational issues and human factors, are investigated. A security-related question library that integrates organisational culture and human factors with network security risk assessment in a BS ISO/IEC 27001 compliant environment is established in order to identify security vulnerabilities.