Understanding Security Practices Deficiencies: A Contextual Analysis
Author
Editor
- Steven Furnell
- Nathan Clarke
Summary, in English
security policy definition and implementation. We therefore suggest that three issues need to be further investigated in the field of information security risk management in order to bridge the gap between design and implementation of secure and usable systems. First, there is a need to broaden the horizon to consider information system as human activity system which is different from a data processing system. Second, the involvement of relevant stakeholders in context for risk analysis leads to better appreciation of security risks. Third, it is necessary to develop ad-hoc tools and techniques to facilitate discussions and dialogue between stakeholders in risk analysis context.
Department/s
Publishing year
2015
Language
English
Pages
151-160
Publication/Series
Human Aspects of Information Security and Assurance Conference Proceedings
Full text
- Available as PDF - 183 kB
- Download statistics
Document type
Conference paper
Publisher
Centre for Security, Communications and Network Research, Plymouth University, UK
Topic
- Information Systems, Social aspects
- Information Systems
- Economics and Business
- Computer and Information Science
- Sociology
Keywords
- Security surveys
- Contextual analysis
- Security practices
- Risk analysis
- Information security
Conference name
Ninth International Symposium on Human Aspects of Information Security & Assurance, HAISA 2015
Conference date
2015-07-01 - 2015-07-03
Conference place
Mytilene, Greece
Status
Published
ISBN/ISSN/Other
- ISBN: 978-1-84102-388-5