Understanding Security Practices Deficiencies: A Contextual Analysis

Forskningsoutput: Kapitel i bok/rapport/Conference proceedingKonferenspaper i proceeding


This paper seeks to provide an overview of how companies assess and manage security risks in practice. For this purpose we referred to data of security surveys to examine the scope of risk analysis and to identify involved entities in this process. Our analysis shows a continuous focus on data system security rather than on real world organizational context as well as a prevalent involvement of top management and security staff in risk analysis process and in
security policy definition and implementation. We therefore suggest that three issues need to be further investigated in the field of information security risk management in order to bridge the gap between design and implementation of secure and usable systems. First, there is a need to broaden the horizon to consider information system as human activity system which is different from a data processing system. Second, the involvement of relevant stakeholders in context for risk analysis leads to better appreciation of security risks. Third, it is necessary to develop ad-hoc tools and techniques to facilitate discussions and dialogue between stakeholders in risk analysis context.


  • Moufida Sadok
  • Peter Bednar
Enheter & grupper

Ämnesklassifikation (UKÄ) – OBLIGATORISK

  • Systemvetenskap, informationssystem och informatik med samhällsvetenskaplig inriktning
  • Systemvetenskap, informationssystem och informatik
  • Ekonomi och näringsliv
  • Data- och informationsvetenskap
  • Sociologi


Titel på värdpublikationHuman Aspects of Information Security and Assurance Conference Proceedings
RedaktörerSteven Furnell, Nathan Clarke
FörlagCentre for Security, Communications and Network Research, Plymouth University, UK
Antal sidor10
ISBN (tryckt)978-1-84102-388-5
StatusPublished - 2015
Peer review utfördJa
EvenemangNinth International Symposium on Human Aspects of Information Security & Assurance, HAISA 2015 - Mytilene, Grekland
Varaktighet: 2015 jul 12015 jul 3


KonferensNinth International Symposium on Human Aspects of Information Security & Assurance, HAISA 2015


Ingen tillgänglig data