Journal article

Information Security Risk Management: An Intelligence-Driven Approach

J Webb, SB Maynard, A Ahmad, G Shanks

Australasian Journal of Information Systems | Australasian Association for Information Systems and Australian Computer Society | Published: 2014

Abstract

Three deficiencies exist in the organisational practice of information security risk management: risk assessments are commonly perfunctory; security risks are estimated without investigation; risk is assessed on an occasional (as opposed to continuous) basis. These tendencies indicate that important data is being missed and that the situation awareness of decision-makers in many organisations is currently inadequate. This research-in-progress paper uses Endsley's situation awareness theory, and examines how the structure and functions of the US national security intelligence enterprise (a revelatory case of enterprise situation awareness development in security and risk management) correspond ..
