About Open Access
An Information Security Ontology Incorporating Human-Behavioural Implications
Lookup NU author(s)
Dr Simon Parkin
Professor Aad van Moorsel
Parkin SE, van Moorsel A, Coles R
Elçi, A., Orgun, M. A., Chefranov, A.
Conference Proceedings (inc. Abstract)
SIN'09. Proceedings of the Second International Conference on Security of Information and Networks
Famagusta, North Cyprus
Year of Conference
6-10 October 2009
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
Security managers often regard human behaviour as a security liability, but they should accommodate it within their organisation’s information security management procedures. To further the comprehension of human-behavioural factors we develop an information security ontology. This ontology is intended for organisations that aim to maintain compliance with external standards (in this case ISO27002) while considering the security behaviours of individuals within the organisation. We demonstrate use of our ontology with an applied example concerning management of an organisation’s password policy, and how it may be perceived by individuals in the organisation. We formally represent information security controls and findings regarding human behaviour, and relate these to each other and the accomplishment of standards compliance. In doing so we provide a model that information security managers can use to consider the impact of their security management decisions.
Newcastle University Library, NE2 4HQ, United Kingdom. Tel: 0044 (191) 222 7657
©2011 Newcastle University Library