In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015)
Title: Understanding Security Practices Deficiencies: A Contextual Analysis
Author(s): Moufida Sadok, Peter Bednar
Keywords: Information security, Risk analysis, Security practices, Contextual analysis, Security surveys
Abstract: This paper seeks to provide an overview of how companies assess and manage security risks in practice. For this purpose we referred to data of security surveys to examine the scope of risk analysis and to identify involved entities in this process. Our analysis shows a continuous focus on data system security rather than on real world organizational context as well as a prevalent involvement of top management and security staff in risk analysis process and in security policy definition and implementation. We therefore suggest that three issues need to be further investigated in the field of information security risk management in order to bridge the gap between design and implementation of secure and usable systems. First, there is a need to broaden the horizon to consider information system as human activity system which is different from a data processing system. Second, the involvement of relevant stakeholders in context for risk analysis leads to better appreciation of security risks. Third, it is necessary to develop ad-hoc tools and techniques to facilitate discussions and dialogue between stakeholders in risk analysis context.
Download count: 1733
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.