Abstract
Safeguarding and securing information assets is critical and challenging for organizations that use information systems to support their key business processes. An Information Security Management System (ISMS) sets up a solid security framework and regulates, in a systematic way, how an information system can use its resources securely. However, technical advances in information security do not always guarantee overall security. All kinds of human factors can deeply affect the management of security in an organizational context despite all security measures. But analyzing, modeling, quantifying and controlling human factors is difficult because of their subjective and context-specific nature, since individuals tend to have distinct degrees of personal and social status. This paper attempts to propose a conceptual framework for analyzing and reasoning about three main human factors in an organizational context, supported by a goal-modeling language based on the concepts of human factors, the driving and resisting forces of the Force-Field Analysis (FFA) tool, goals, risks, vulnerabilities, controls, and threats. This framework is beneficial for a better understanding of human factors in the ISMS process, which eventually leads to reasoning about a rational change in the organizational context while providing reasonable security metrics. One such metric would be return on investment (ROI), which is a concern of all organizations.
© 2014 Springer International Publishing Switzerland
Cite this paper
Alavi, R., Islam, S., Mouratidis, H. (2014). A Conceptual Framework to Analyze Human Factors of Information Security Management System (ISMS) in Organizations. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham. https://doi.org/10.1007/978-3-319-07620-1_26
DOI: https://doi.org/10.1007/978-3-319-07620-1_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07619-5
Online ISBN: 978-3-319-07620-1
eBook Packages: Computer Science (R0)