Show simple item record

dc.contributor.author: WEBB, JEB
dc.date.accessioned: 2016-01-21T00:32:22Z
dc.date.available: 2016-01-21T00:32:22Z
dc.date.issued: 2015
dc.identifier.uri: http://hdl.handle.net/11343/58145
dc.description: © 2015 Dr. Jeb Webb
dc.description.abstract: Information security risk management (ISRM) methods aim to protect organizational information infrastructure from a range of security threats using efficient and cost‐effective means. A review of the literature identified three common practical deficiencies that can undermine ISRM: (1) Information security risk identification is commonly perfunctory; (2) Information security risks are commonly estimated with little reference to the organization’s actual situation; and (3) Information security risk assessment is commonly performed on an intermittent, non‐historical basis. These deficiencies indicate that despite implementing “best practices,” organizations are likely to have inadequate situation awareness (SA) regarding their information security risk environments. SA is achieved by a decision‐maker in progressive stages. First, one perceives relevant elements of a situation. Once these situational elements are perceived, their intrinsic and contextual meanings can be comprehended in light of established knowledge. Optimal SA is achieved when the decision-maker knows and understands enough about relevant situational elements to project the future of the situation and its implications for operational goals and objectives. Supporting SA is a matter of supporting a decision‐maker’s ability to perceive, comprehend, and project. In ISRM, the general situations of interest are organizational information security risk environments. To answer the research question, “How can situation awareness be increased in information security risk management?” this thesis offers a design science artifact that supports perception, comprehension, and projection by means of a distributed intelligence collection and analysis effort. This artifact—the Intelligent Information Security Method—is the output of an in‐depth case study of the US Intelligence Community’s enterprise management structure, which was performed using publicly available, open source documents. The intelligence cycle, as executed by the US Intelligence Community, was modeled using Endsley’s SA theory and comparisons were then drawn between the US model and organizations to develop a risk management system for organizations. The Intelligent Information Security Method has two major dimensions. The primary (theoretical) dimension of the method is a high level process that explains how organizational SA can be achieved in general terms. The secondary (practical) dimension of the Method concerns the practical details—or “inner workings”—of this process, which are presented as a comprehensive information security risk management system design. This thesis makes a significant contribution to information security management theory by explaining management in the cognitive terms of SA, and then describing how an organizational intelligence production effort can be used to support managerial SA. The thesis makes a significant contribution to information security management practice by specifying a management system design that organizations can use to actually achieve this theoretical objective. The Intelligent Information Security Method can be used to improve the quality of ISRM in the implementing organization while simultaneously supporting the management and optimization of the organization’s business processes. [en_US]
dc.subject: information security risk management [en_US]
dc.subject: situation awareness theory [en_US]
dc.subject: organisational situation awareness [en_US]
dc.subject: intelligence cycle [en_US]
dc.subject: intelligence enterprise [en_US]
dc.subject: intelligence support to decision-making [en_US]
dc.subject: decision support [en_US]
dc.subject: command and control [en_US]
dc.subject: feedback loops [en_US]
dc.title: Towards intelligence-driven information security risk management: an intelligent information security method [en_US]
dc.type: PhD thesis [en_US]
melbourne.affiliation.department: Information Systems
melbourne.affiliation.faculty: Science
melbourne.contributor.author: WEBB, JEB
melbourne.accessrights: Open Access