Security practitioners in context: Their activities and interactions with other stakeholders within organizations

Werlinger, Rodrigo; Hawkey, Kirstie; Botta, David; Beznosov, Konstantin

doi:10.1016/j.ijhcs.2009.03.002

Cited by 56 publications

(56 citation statements)

References 43 publications

(59 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their plans and policies decrease the risk of information security incidents in companies [14]. Increasing information security awareness and knowledge [15], encouraging employees to collaborate in information security [16], providing and complying with organisational information security policies and procedures [17], surveillance and control of employees access [18], increasing productivity in the information security response team [19], and inculcating commitment in employees to protect information assets are examples of management roles in the domain of information security. Information security management is incomplete without considering the important role of management.…”

Section: Managerial Aspectsmentioning

confidence: 99%

The information security landscape in the supply chain

Safa

2017

Computer Fraud & Security

View full text Add to dashboard Cite

Information security is an important issue in supply chain. Information security breaches have serious consequences for companies, such as loss of revenue, reputation, customers, business advantages, and, in the worst-case scenario, bankruptcy. On the other hand, collaboration and integration between different parties is necessary to increase productivity in the supply chain. However, increasing the flow of information increases the risk of information leakage. To mitigate the risk of information security breach in the supply chain we need to have a comprehensive view about information security. This research aims to investigate different dimensions of information security in the supply chain. A review of literature revealed that technological, managerial, organizational, psychological, educational and awareness aspects of information security play important roles in the security of information in supply chain.

show abstract

Section: Managerial Aspectsmentioning

confidence: 99%

The information security landscape in the supply chain

Safa

2017

Computer Fraud & Security

View full text Add to dashboard Cite

show abstract

“…Previous studies have shown that weak collaboration causes vulnerabilities to information in distributed, interdependent, and collaborative environments (Werlinger, Hawkey et al, 2009). To perform a security task, employees should corporate, coordinate and collaborate with others.…”

Section: Information Security Collaborationmentioning

confidence: 99%

Human errors in the information security realm – and how to fix them

Safa

Maple

2016

Computer Fraud & Security

View full text Add to dashboard Cite

Information security breaches and privacy violations are major concerns of many organizations. Human behaviour, either intentionally or through negligence, is a great potential of risk to information assets. It is acknowledged that technology alone cannot guarantee a secure environment for information assets; human considerations should be taken into account as well as technological and procedural aspects. This article strives to present a useful classification of users' mistakes in the domain of information security. The outputs of this study shed some light for both academics and practitioners. IntroductionIt is well-understood that an information security breach can have serious consequences for an organization. Losing reputation, competitive advantage, funds, future revenue, productivity, intellectual property and in the worst scenario bankruptcy are some results of information security breaches. For example, the defence industry has usually several suppliers; they share information among each other to increase productivity. Information security leakage in such a sector can have serious impacts on national security. For these reasons, considering all aspects that can mitigate the risk of information security breaches is necessary. A remarkable portion of these threats relates to the human mistakes. Sharing password and user name with colleague, writing login information on a sticky paper and putting on monitor or desk, using social number as password, using simple password without special characters (dictionary words), downloading software from the Internet, carrying organizational data in external hard or pen drive, leaving systems logged-in while in unattendance, opening unknown email and its attachments, changing password through the email (phishing) and so forth are simple examples of employees' mistakes. Users' negligence, ignorance, lack of awareness, mischievousness, apathy and resistance are usually the reasons for information security breaches (Sohrabi Safa, Von Solms et al., 2016).

show abstract

“…Another important factor for improving collaboration is the degree of shared context between actors when they collaborate to perform a given task. Werlinger et al [22] presented an approach to investigate in detail the interactions that security practitioners have with other stakeholders within the context of the security activities. They show that the tools used by security practitioners to perform their security tasks provide insufficient support for the complex collaborative interactions that they need to perform.…”

Section: Related Workmentioning

confidence: 99%