Information Security Risk Management: An Intelligence-Driven Approach
DOI:
https://doi.org/10.3127/ajis.v18i3.1096
Keywords:
Information, Security, Risk Management, Enterprise Situation Awareness, Intelligence
Abstract
Three deficiencies exist in the organisational practice of information security risk management: risk assessments are commonly perfunctory; security risks are estimated without investigation; risk is assessed on an occasional (as opposed to continuous) basis. These tendencies indicate that important data is being missed and that the situation awareness of decision-makers in many organisations is currently inadequate. This research-in-progress paper uses Endsley's situation awareness theory, and examines how the structure and functions of the US national security intelligence enterprise—a revelatory case of enterprise situation awareness development in security and risk management—correspond with Endsley’s theoretical model, and how facets of the US enterprise might be adapted to improve situation awareness in the information security risk management process of organisations.
Published
2014-11-01
How to Cite
Webb, J., Maynard, S., Ahmad, A., & Shanks, G. (2014). Information Security Risk Management: An Intelligence-Driven Approach. Australasian Journal of Information Systems, 18(3). https://doi.org/10.3127/ajis.v18i3.1096
Section
Selected Papers from the Australasian Conference on Information Systems (ACIS)
License
AJIS publishes open-access articles distributed under the terms of a Creative Commons Non-Commercial and Attribution License which permits non-commercial use, distribution, and reproduction in any medium, provided the original author and AJIS are credited. All other rights including granting permissions beyond those in the above license remain the property of the author(s).