An information security ontology incorporating human-behavioural implications

Simon E. Parkin; Aad Van Moorsel; Robert Coles

doi:10.1145/1626195.1626209

An information security ontology incorporating human-behavioural implications

Simon E. Parkin
, Aad Van Moorsel
, Robert Coles

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Security managers often regard human behaviour as a security liability, but they should accommodate it within their organisation's information security management procedures. To further the comprehension of human-behavioural factors we develop an information security ontology. This ontology is intended for organisations that aim to maintain compliance with external standards (in this case ISO27002) while considering the security behaviours of individuals within the organisation. We demonstrate use of our ontology with an applied example concerning management of an organisation's password policy, and how it may be perceived by individuals in the organisation. We formally represent information security controls and findings regarding human behaviour, and relate these to each other and the accomplishment of standards compliance. In doing so we provide a model that information security managers can use to consider the impact of their security management decisions.

Original language	English
Title of host publication	SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks
Pages	46-55
Number of pages	10
DOIs	https://doi.org/10.1145/1626195.1626209
Publication status	Published - 2009
Event	2nd International Conference on Security of Information and Networks, SIN'09 - Famagusta, Cyprus Duration: 6 Oct 2009 → 10 Oct 2009

Publication series

Name	SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks

Conference

Conference	2nd International Conference on Security of Information and Networks, SIN'09
Country/Territory	Cyprus
City	Famagusta
Period	6/10/09 → 10/10/09

Keywords

Human behavioural implications
Information security ontology
Password policy

ASJC Scopus subject areas

Artificial Intelligence
Computational Theory and Mathematics
Computer Networks and Communications
Software

Access to Document

10.1145/1626195.1626209

Cite this

Parkin, S. E., Van Moorsel, A., & Coles, R. (2009). An information security ontology incorporating human-behavioural implications. In SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks (pp. 46-55). Article 1626209 (SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks). https://doi.org/10.1145/1626195.1626209

@inproceedings{a2d8d7362d334da99e25cd923a3d83af,

title = "An information security ontology incorporating human-behavioural implications",

abstract = "Security managers often regard human behaviour as a security liability, but they should accommodate it within their organisation's information security management procedures. To further the comprehension of human-behavioural factors we develop an information security ontology. This ontology is intended for organisations that aim to maintain compliance with external standards (in this case ISO27002) while considering the security behaviours of individuals within the organisation. We demonstrate use of our ontology with an applied example concerning management of an organisation's password policy, and how it may be perceived by individuals in the organisation. We formally represent information security controls and findings regarding human behaviour, and relate these to each other and the accomplishment of standards compliance. In doing so we provide a model that information security managers can use to consider the impact of their security management decisions.",

keywords = "Human behavioural implications, Information security ontology, Password policy",

author = "Parkin, \{Simon E.\} and \{Van Moorsel\}, Aad and Robert Coles",

year = "2009",

doi = "10.1145/1626195.1626209",

language = "English",

isbn = "9781605584126",

series = "SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks",

pages = "46--55",

booktitle = "SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks",

note = "2nd International Conference on Security of Information and Networks, SIN'09 ; Conference date: 06-10-2009 Through 10-10-2009",

}

Parkin, SE, Van Moorsel, A & Coles, R 2009, An information security ontology incorporating human-behavioural implications. in SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks., 1626209, SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks, pp. 46-55, 2nd International Conference on Security of Information and Networks, SIN'09, Famagusta, Cyprus, 6/10/09. https://doi.org/10.1145/1626195.1626209

An information security ontology incorporating human-behavioural implications. / Parkin, Simon E.; Van Moorsel, Aad; Coles, Robert.
SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks. 2009. p. 46-55 1626209 (SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - An information security ontology incorporating human-behavioural implications

AU - Parkin, Simon E.

AU - Van Moorsel, Aad

AU - Coles, Robert

PY - 2009

Y1 - 2009

N2 - Security managers often regard human behaviour as a security liability, but they should accommodate it within their organisation's information security management procedures. To further the comprehension of human-behavioural factors we develop an information security ontology. This ontology is intended for organisations that aim to maintain compliance with external standards (in this case ISO27002) while considering the security behaviours of individuals within the organisation. We demonstrate use of our ontology with an applied example concerning management of an organisation's password policy, and how it may be perceived by individuals in the organisation. We formally represent information security controls and findings regarding human behaviour, and relate these to each other and the accomplishment of standards compliance. In doing so we provide a model that information security managers can use to consider the impact of their security management decisions.

AB - Security managers often regard human behaviour as a security liability, but they should accommodate it within their organisation's information security management procedures. To further the comprehension of human-behavioural factors we develop an information security ontology. This ontology is intended for organisations that aim to maintain compliance with external standards (in this case ISO27002) while considering the security behaviours of individuals within the organisation. We demonstrate use of our ontology with an applied example concerning management of an organisation's password policy, and how it may be perceived by individuals in the organisation. We formally represent information security controls and findings regarding human behaviour, and relate these to each other and the accomplishment of standards compliance. In doing so we provide a model that information security managers can use to consider the impact of their security management decisions.

KW - Human behavioural implications

KW - Information security ontology

KW - Password policy

UR - https://www.scopus.com/pages/publications/70350630540

U2 - 10.1145/1626195.1626209

DO - 10.1145/1626195.1626209

M3 - Conference contribution

AN - SCOPUS:70350630540

SN - 9781605584126

T3 - SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks

SP - 46

EP - 55

BT - SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks

T2 - 2nd International Conference on Security of Information and Networks, SIN'09

Y2 - 6 October 2009 through 10 October 2009

ER -

An information security ontology incorporating human-behavioural implications

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this