Title: INFORMATION SYSTEMS SECURITY DESIGN: A CASE STUDY BASED APPROACH
Author(s): Paolo Spagnoletti, Alessandro Datri
ISBN: 972-8924-19-4
Editors: Pedro Isaías, Miguel Baptista Nunes and Inmaculada J. Martínez
Year: 2006
Edition: V I, 2
Keywords: Behavioral issues in IS Security, risk management.
Type: Full Paper
First Page: 435
Last Page: 443
Language: English
Paper Abstract:
In the context of the design and management of Information Systems, IS Security plays an important role among the non-functional aspects, together with quality of services, trust, performance, etc. The literature shows an increasing interest in this topic, and several communities of researchers and practitioners are contributing to the development of a discipline where different backgrounds and approaches are involved. Principles, standards and best practices have been issued in order to manage the risks related to what is called an information asset. However, the focus remains on protecting the IT infrastructure and considering the safeguarding of the business goals as a consequence of this achievement. Such an approach has shown limits in several practical cases, despite its advantages in terms of its capability to be formalized and generalized. Some recent works call for a deeper understanding of the context in which incidents happen, focusing on the behavior, perception and intention of people interacting with the IT infrastructure. This paper aims to contribute to this field, taking into account the wide scope of the domain and stressing the value of an incident-based case study in the process of understanding context-related aspects when the information asset identification and security control selection phases of a risk assessment process are performed.