Security managers often regard human behaviour as a security liability, but they should accommodate it within their organisation's information security management procedures. To further the comprehension of human-behavioural factors, we develop an information security ontology. This ontology is intended for organisations that aim to maintain compliance with external standards (in this case ISO27002) while considering the security behaviours of individuals within the organisation. We demonstrate use of our ontology with an applied example concerning management of an organisation's password policy, and how it may be perceived by individuals in the organisation. We formally represent information security controls and findings regarding human behaviour, and relate these to each other and to the accomplishment of standards compliance. In doing so, we provide a model that information security managers can use to consider the impact of their security management decisions.