Information Security Risk Management: An Intelligence-Driven Approach

Information Security Risk Management: An Intelligence-Driven Approach

Three deficiencies exist in the organisational practice of information security risk management: risk assessments are commonly perfunctory, security risks are estimated without investigation; risk is assessed on an occasional (as opposed to continuous) basis. These tendencies indicate that important...

Full description

Bibliographic Details
Main Authors: Jeb Webb, Sean Maynard, Atif Ahmad, Graeme Shanks
Format: Article
Language:English
Published: Australasian Association for Information Systems 2014-11-01
Series:Australasian Journal of Information Systems
Subjects:
Information
Security
Risk Management
Enterprise Situation Awareness
Intelligence
Online Access:http://journal.acs.org.au/index.php/ajis/article/view/1096
Description
Summary:Three deficiencies exist in the organisational practice of information security risk management: risk assessments are commonly perfunctory, security risks are estimated without investigation; risk is assessed on an occasional (as opposed to continuous) basis. These tendencies indicate that important data is being missed and that the situation awareness of decision-makers in many organisations is currently inadequate. This research-in-progress paper uses Endsley's situation awareness theory, and examines how the structure and functions of the US national security intelligence enterprise—a revelatory case of enterprise situation awareness development in security and risk management—correspond with Endsley’s theoretical model, and how facets of the US enterprise might be adapted to improve situation awareness in the information security risk management process of organisations.
ISSN:1449-8618
1449-8618

Similar Items