An Information Security Ontology Incorporating Human-Behavioural Implications

  1. Lookup NU author(s)
  2. Dr Simon Parkin
  3. Professor Aad van Moorsel
Author(s)Parkin SE, van Moorsel A, Coles R
Editor(s)Elçi, A., Orgun, M. A., Chefranov, A.
Publication type Conference Proceedings (inc. Abstract)
Conference NameSIN'09. Proceedings of the Second International Conference on Security of Information and Networks
Conference LocationFamagusta, North Cyprus
Year of Conference2009
Legacy Date6-10 October 2009
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
Security managers often regard human behaviour as a security liability, but they should accommodate it within their organisation’s information security management procedures. To further the comprehension of human-behavioural factors we develop an information security ontology. This ontology is intended for organisations that aim to maintain compliance with external standards (in this case ISO27002) while considering the security behaviours of individuals within the organisation. We demonstrate use of our ontology with an applied example concerning management of an organisation’s password policy, and how it may be perceived by individuals in the organisation. We formally represent information security controls and findings regarding human behaviour, and relate these to each other and the accomplishment of standards compliance. In doing so we provide a model that information security managers can use to consider the impact of their security management decisions.