Towards an intelligence-driven information security risk management process for organisations
conference contribution
posted on 2024-11-24, 00:54 authored by Jeb Webb, Sean Maynard, Atif Ahmad, Graeme ShanksThree deficiencies exist in information security under prevailing practices: organisations tend to focus on compliance over protection; to estimate risk without investigating it; and to assess risk on an occasional (as opposed to continuous) basis. These tendencies indicate that important data is being missed and that the situation awareness of decision-makers in many organisations is currently inadequate. This research-in-progress paper uses Endsley's situation awareness theory, and examines how the structure and functions of the US national security intelligence enterprise—a revelatory case of enterprise situation awareness development in security and risk management—correspond with Endsley’s theoretical model, and how facets of the US enterprise might be adapted to improve situation awareness in the information security risk management process of organisations.
History
Number
52Start page
1End page
10Total pages
10Outlet
ACIS 2013: Information systems: Transforming the Future: Proceedings of the 24th Australasian Conference on Information SystemsName of conference
ACIS 2013: Information systems: Transforming the Future: 24th Australasian Conference on Information SystemsPublisher
RMIT UniversityPlace published
Melbourne, AustraliaStart date
2013-12-04End date
2013-12-06Language
EnglishCopyright
© 2013. The AuthorsFormer Identifier
2006125564Esploro creation date
2020-06-22Fedora creation date
2014-12-18Open access
- Yes
