Paper published in a book (Scientific congresses, symposiums and conference proceedings)
From Situation Awareness to Action: An Information Security Management Toolkit for Socio-Technical Security Retrospective and Prospective Analysis
Huynen, Jean-Louis; Lenzini, Gabriele
2017. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy
Peer reviewed
 

Files


Full Text
SCREAM.pdf
Author postprint (783.58 kB)

All documents in ORBilu are protected by a user license.




Details



Keywords :
Socio-Technical Security; Information Security Management and Reasoning; Root Cause Analysis
Abstract :
[en] Inspired by the root cause analysis procedures common in safety, we propose a methodology for a prospective and a retrospective analysis of security and a tool that implements it. When applied prospectively, the methodology guides analysts to assess socio-technical vulnerabilities in a system, helping them to evaluate their choices in designing security policies and controls. But the methodology also works retrospectively. It assists analysts in retrieving the causes of an observed socio-technical attack, guiding them to understand where the information security management of the system has failed. The methodology is tuned to find causes that are rooted in the human-related factors that an attacker can exploit to execute its intrusion.
Disciplines :
Computer science
Author, co-author :
Huynen, Jean-Louis ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Lenzini, Gabriele ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors :
no
Language :
English
Title :
From Situation Awareness to Action: An Information Security Management Toolkit for Socio-Technical Security Retrospective and Prospective Analysis
Publication date :
2017
Event name :
ICISSP - 3rd International Conference on Information Systems Security and Privacy
Event place :
Porto, Portugal
Event date :
from 19-02-2017 to 21-02-2017
Main work title :
Proceedings of the 3rd International Conference on Information Systems Security and Privacy
Peer reviewed :
Peer reviewed
FnR Project :
FNR1183245 - Socio-technical Analysis Of Security And Trust, 2011 (01/05/2012-30/04/2015) - Peter Y. A. Ryan
Funders :
FNR - Fonds National de la Recherche [LU]
Available on ORBilu :
since 28 February 2017

Statistics


Number of views
334 (19 by Unilu)
Number of downloads
342 (6 by Unilu)

Scopus citations®
4
Scopus citations® without self-citations
3
OpenCitations
1
