Sveen, Finn Olav with Jose Mari Sarriegi and Jose Gonzalez, "The Role of Incident Reporting in Reducing Information Security Risks", 2009 July 26-2009 July 30
ua435
This paper examines the role of information security incident reporting systems in the wider context of an information security management system. This work is based on four group model building workshops with participants from mnemonic AS, a Norwegian Managed Security Services Provider. We found that incident reporting is a crucial component in creating information security awareness among information system users. Our research indicates that increasing incident reporting rates does not necessarily mean poor security, but rather that the organisation is becoming more security aware, and, arguably, less exposed to information security risks. However, in an organisation with poor awareness, it is possible that incident reporting rates and risk increases simultaneously. Analogous results are known about industrial safety reporting systems and risk of organisational accidents.
This is the whole item.
Date created |
- 2009 July 26-2009 July 30
|
Type |
|
Processing Activity |
|
License |
|
ITEM CONTEXT
Part of
Scope and Contents
Part of
Scope and Contents
Part of
Scope and Contents
Collection
Collecting area |
|