Security mistakes in information system deployment projects

Purpose - This paper aims to assess the influence of a set of human and organizational factors in information system deployments on the probability that a number of security-related mistakes are in ...
