Sciweavers

SIN
2009
ACM

An information security ontology incorporating human-behavioural implications

14 years 6 months ago
An information security ontology incorporating human-behavioural implications
Security managers often regard human behaviour as a security liability, but they should accommodate it within their organisation’s information security management procedures. To further the comprehension of human-behavioural factors we develop an information security ontology. This ontology is intended for organisations that aim to maintain compliance with external standards (in this case ISO27002) while considering the security behaviours of individuals within the organisation. We demonstrate use of our ontology with an applied example concerning management of an organisation’s password policy, and how it may be perceived by individuals in the organisation. We formally represent information security controls and findings regarding human behaviour, and relate these to each other and the accomplishment of standards compliance. In doing so we provide a model that information security managers can use to consider the impact of their security management decisions. Categories and Subj...
Simon Edward Parkin, Aad P. A. van Moorsel, Robert
Added 28 May 2010
Updated 28 May 2010
Type Conference
Year 2009
Where SIN
Authors Simon Edward Parkin, Aad P. A. van Moorsel, Robert Coles
Comments (0)