We found a match
Your institution may have rights to this item. Sign in to continue.
- Title
INFORMATION SECURITY RISK MANAGEMENT: AN INTELLIGENCE-DRIVEN APPROACH.
- Authors
Webb, Jeb; Maynard, Sean; Ahmad, Atif; Shanks, Graeme
- Abstract
Three deficiencies exist in the organisational practice of information security risk management: risk assessments are commonly perfunctory, security risks are estimated without investigation; risk is assessed on an occasional (as opposed to continuous) basis. These tendencies indicate that important data is being missed and that the situation awareness of decision-makers in many organisations is currently inadequate. This research-in-progress paper uses Endsley's situation awareness theory, and examines how the structure and functions of the US national security intelligence enterprise--a revelatory case of enterprise situation awareness development in security and risk management--correspond with Endsley's theoretical model, and how facets of the US enterprise might be adapted to improve situation awareness in the information security risk management process of organisations.
- Subjects
UNITED States; INFORMATION technology security; RISK assessment; RISK management in business; INTELLIGENCE service; SITUATIONAL awareness
- Publication
Australasian Journal of Information Systems, 2014, Vol 18, Issue 3, p391
- ISSN
1449-8618
- Publication type
Article
- DOI
10.3127/ajis.v18i3.1096