An information security ontology incorporating human-behavioural implications

SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks

Volumn , Issue , 2009, Pages 46-55

  Parkin, Simon E ^a   Van Moorsel, Aad ^a   Coles, Robert ^b  

^a NEWCASTLE UNIVERSITY   (United Kingdom)

^b Merrill Lynch   (United Kingdom)

Author keywords

Human behavioural implications; Information security ontology; Password policy

Indexed keywords

HUMAN BEHAVIOURAL IMPLICATIONS; INFORMATION SECURITY; INFORMATION SECURITY CONTROLS; INFORMATION SECURITY MANAGEMENTS; INFORMATION SECURITY ONTOLOGY; PASSWORD POLICY; SECURITY MANAGEMENT; SECURITY MANAGER;

FREQUENCY HOPPING; INDUSTRIAL MANAGEMENT; MANAGERS; REGULATORY COMPLIANCE; SECURITY OF DATA; SECURITY SYSTEMS; SOCIAL SCIENCES;

ONTOLOGY;

EID: 70350630540     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1626195.1626209     Document Type: Conference Paper

References (42)

1. British Standards Institution, "BS ISO/IEC 27001:2005 - Information Technology - Security Techniques - Information Security Management Systems - Requirements", 2005
2. British Standards Institution, "BS ISO/IEC 27002:2005 - Information Technology - Security Techniques - Code of Practice for Information Security Management", 2005
3. R. Briggs & C. Edwards, "Skills for Corporate Security", The Business of Resilience, Demos, 2006
4. KTN Human Factors Working Group, "Human Vulnerabilities in Security Systems: White Paper", Cyber Security Knowledge Transfer Network (KTN), 2007
5. S.E. Parkin, R. Yassin Kassab, A. van Moorsel, "The Impact of Unavailability on the Effectiveness of Enterprise Information Security Technologies", In Service Availability. 5th International Service Availability Symposium (ISAS 2008), Springer, pp 43-58, 2008
6. T. Neubauer, A. Ekelhart, S. Fenz, "Interactive Selection of ISO 27001 Controls under Multiple Objectives", Proceedings of the 23rd International Security Conference (SEC 2008), Springer-Verlag GmbH, p. 477-492, 2008
7. R. Coles, G. P. Hodgkinson, "A Psychometric Study of Information Technology Risks in the Workplace", Risk Analysis, 28(1), pp 81-93, Society for Risk Analysis, 2008
8. F. N. do Amaral, C. Bazilio, G. M. Hamazaki da Silva, A. Rademaker, E. H. Haeusler, "An Ontology-Based Approach to the Formalization of Information Security Policies", Proceedings of the 10th IEEE on International Enterprise Distributed Object Computing Conference Workshops (EDOCW), pp 1, 2006
9. A. Beautement, R. Coles, J. Griffin, B. Monahan, D. Pym, M.A. Sasse, M. Wonham, "Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security", Workshop on Economics in Information Security (WEIS), 2008
10. A. Beautement, M. A. Sasse, and M. Wonham. "The Compliance Budget: Managing Security Behaviour in Organisations", In Proc. 2008 Workshop on New Security Paradigms, 2008
11. A. Adams, M. A. Sasse, P. Lunt, "Making Passwords Secure and Usable", Proceedings of HCI on People and Computers XII, pp 1-19, 1997
12. Newcastle University UK, "Trust Economics Website", http://www.trust-economics.org/, last viewed 24/02/09
13. R. Coles, J. Griffin, H. Johnson, B. Monahan, S.E. Parkin, D. Pym, M.A. Sasse, A. van Moorsel, "Trust Economics Feasibility Study", In 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2008), IEEE Computer Society, pp A45-A50, 2008
14. A. Ekelhart, S. Fenz, M. Klemen, E. Weippl, "Security Ontologies: Improving Quantitative Risk Analysis", pp.156a, 40th Annual Hawaii International Conference on System Sciences (HICSS'07), 2007
15. Cyber Security Knowledge Transfer Network (KTN) & Economic & Social Research Council (ESRC), "The Economics of Information Security", ESRC Seminar Series, 2008
16. ISACA, "An Introduction to the Business Model for Information Security", ISACA, 2009
17. W3C, "OWL Web Ontology Language Overview", http://www.w3.org/ TR/owl-features/, 2004, last viewed 24/02/09
18. Stanford Center for Biomedical Informatics Research, "The Protégé Ontology Editor and Knowledge Acquisition System", http://protege.stanford.edu/, last viewed 24/02/09
19. P. Dourish, R. Grinter, J. Delgado de la Flor, and M. Joseph, "Security in the Wild: User Strategies for Managing Security as an Everyday, Practical Problem". Personal and Ubiquitous Computing, 8(6), pp 391-401, 2004
20. Information Security Awareness Forum (ISAF) & Information Assurance Advisory Council (IAAC), "Creating a Strong Information Handling Culture", http://www.iaac.org.uk/Portals/0/23176\-DIAN\-A5\-PEOPLE\-15\-4. pdf, last viewed 24/02/09
21. A.S. Patrick, "Human Factors of Security Systems". Invited presentation to the HTCIA Atlantic IT Security Professional Development Day, Sept. 30, 2008
22. H. Mouratidis, P. Giorgini, G. A. Manson, "An Ontology for Modelling Security: The Tropos Approach", 7th International Conference on Knowledge-Based Intelligent Information and Engineering Systems (KES), pp 1387-1394, 2003
23. B. Karabacak & I. Sogukpinar, "A Quantitative Method for ISO 17799 Gap Analysis", Computers & Security, 25(6), pp 413-419, 2006
24. N. Nagaratnam, A. J. Nadalin, M. Hondo, M. McIntosh, P. Austel, "Business-Driven Application Security: From Modeling to Managing Secure Applications", IBM Systems Journal, 44(4), pp 847-868, 2005
25. P. Skidmore, "Beyond Measure", Demos, 2003
26. G. Magklaras & S. Furnell, "Insider Threat Prediction Tool: Evaluating the probability of IT misuse", Computers & Security, vol. 21, no. 1, pp 62-73, 2002
27. A. Gómez-Pérez, "Towards a Framework to Verify Knowledge Sharing Technology", Expert Systems with Applications, Vol. 11, No. 4, pp 519-529, 1996
28. D. Stepanova, S. Parkin, A. van Moorsel, "A Knowledge Base for Justified Information Security Decision-Making", In Proceedings of the 4th International Conference on Software and Data Technologies (ICSOFT), 2009
29. J. Brank, M. Grobelnik, D. Mladenic, "A Survey of Ontology Evaluation Techniques", In Proceedings of the Conference on Data Mining and Data Warehouses (SiKDD 2005), 2005
30. R. Gururajan & V. Gururajan, "An Examination into the Role of Knowledge Management and Computer Security in Organizations", The 7th International Research Conference on Quality, Innovation & Knowledge Management, 2005
31. T. Neubauer & J. Heurix, "Objective Types for the Valuation of Secure Business Processes", Proceedings of the Seventh IEEE/ACIS International Conference on Computer and Information Science (ICIS 2008), pp 231-236, 2008
32. F. A. Braz, E. B. Fernandez, M. VanHilst, "Eliciting Security Requirements through Misuse Activities", Proceedings of the 2008 19th International Conference on Database and Expert Systems Application (DEXA), Pages 328-333, 2008
33. S. Fenz, G. Goluch, A. Ekelhart, B. Riedl, and E. Weippl, "Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard", Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing (PRDC2007), IEEE Computer Society, pp 381-388, 2007
34. D. G. Firesmith, "A Taxonomy of Security-Related Requirements", International Workshop on High Assurance Systems (RHAS'05), 2005
35. A. Vorobiev & N. Bekmamedova, "An Ontological Approach Applied to Information Security and Trust", ACIS 2007 Proceedings, 2007
36. L. A. F. Martimiano & E. S. Moreira, "The Evaluation Process of a Computer Security Incident Ontology", 2nd Workshop on Ontologies and their Applications (WONTO'2006), 2006
37. J. Undercoffer, J. Pinkston, A. Joshi, T. Finin, "A Target-Centric Ontology for Intrusion Detection", In Proceedings of the IJCAI-03 Workshop on Ontologies and Distributed Systems, 2004
38. S. Lee, R. Gandhi, D. Muthurajan, D. Yavagal, G. Ahn, "Building Problem Domain Ontology from Security Requirements in Regulatory Documents", Proceedings of the 2006 international workshop on Software engineering for secure systems, pp 43-50, 2006
39. G. Goluch, A. Ekelhart, S. Fenz, S. Jakoubi, S. Tjoa and T. Mueck, "Integration of an Ontological Information Security Concept in Risk Aware Business Process Management", Proceedings of the 41st Hawaii International Conference on System Sciences (HICSS 2008), IEEE Computer Society, pp 377-385, 2008
40. N. F. Noy & D. L. McGuinness, "Ontology Development 101: A Guide to Creating Your First Ontology", Stanford Knowledge Systems Laboratory Technical Report KSL-01-05 and Stanford Medical Informatics Technical Report SMI-2001-0880, 2001
41. S. R. Band, D. M. Cappelli, L. F. Fischer, A. P. Moore, E. D. Shaw, R. F. Trzeciak, "Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis", CMU/SEI-2006-TR-026, Carnegie Mellon University, 2006
42. University College London, "Human Centred Systems Group", http://hornbeam.cs.ucl.ac.uk/hcs/index.html, last viewed 19/05/09