Information Security Risk Management: An Intelligence-Driven Approach

Three deficiencies exist in the organisational practice of information security risk management: risk assessments are commonly perfunctory, security risks are estimated without investigation; risk is assessed on an occasional (as opposed to continuous) basis. These tendencies indicate that important...


Bibliographic Details
Main Authors: Jeb Webb, Sean Maynard, Atif Ahmad, Graeme Shanks
Format: Article
Language: English
Published: Australasian Association for Information Systems 2014-11-01
Series: Australasian Journal of Information Systems
Subjects: Information; Security; Risk Management; Enterprise Situation Awareness; Intelligence
Online Access: http://journal.acs.org.au/index.php/ajis/article/view/1096
Author Affiliation: University of Melbourne (all four authors)
DOI: 10.3127/ajis.v18i3.1096
ISSN: 1449-8618
Description: Three deficiencies exist in the organisational practice of information security risk management: risk assessments are commonly perfunctory, security risks are estimated without investigation; risk is assessed on an occasional (as opposed to continuous) basis. These tendencies indicate that important data is being missed and that the situation awareness of decision-makers in many organisations is currently inadequate. This research-in-progress paper uses Endsley's situation awareness theory, and examines how the structure and functions of the US national security intelligence enterprise—a revelatory case of enterprise situation awareness development in security and risk management—correspond with Endsley's theoretical model, and how facets of the US enterprise might be adapted to improve situation awareness in the information security risk management process of organisations.