Downloadable Content
Download PDFSveen, Finn Olav with Jose Mari Sarriegi and Jose Gonzalez, "The Role of Incident Reporting in Reducing Information Security Risks", 2009 July 26-2009 July 30
- 2009 July 26-2009 July 30
- Processing documentation available at: https://wiki.albany.edu/display/SCA/Processing+Ingested+Digital+Files
- Contact Us for questions or additional rights.
This paper examines the role of information security incident reporting systems in the wider context of an information security management system. This work is based on four group model building workshops with participants from mnemonic AS, a Norwegian Managed Security Services Provider. We found that incident reporting is a crucial component in creating information security awareness among information system users. Our research indicates that increasing incident reporting rates does not necessarily mean poor security, but rather that the organisation is becoming more security aware, and, arguably, less exposed to information security risks. However, in an organisation with poor awareness, it is possible that incident reporting rates and risk increases simultaneously. Analogous results are known about industrial safety reporting systems and risk of organisational accidents.
This is the whole item.
ITEM CONTEXT
- This collection is part of the University Archives