• DocumentCode
    449922
  • Title

    Extracting Useful Information from Security Assessment Interviews

  • Author

    Stanton, Jeffrey M. ; Fagnot, Isabelle J.

  • Author_Institution
    Syracuse University
  • Volume
    6
  • fYear
    2006
  • fDate
    04-07 Jan. 2006
  • Abstract
    We conducted N=68 interviews with managers, employees, and information technologists in the course of conducting security assessments of 15 small- and medium-sized organizations. Assessment interviews provide a rich source of information about the security culture and norms of an organization; this information can complement and contextualize the traditional sources of security assessment data, which generally focus on the technical infrastructure of the organization. In this paper we began the process of systematizing audit interview data through the development of a closed vocabulary pertaining to security beliefs. We used a ground-up approach to develop a list of subjects, verbs, objects, and relationships among them that emerged from the audit interviews. We discuss implications for improving the processes and outcomes of security auditing.
  • Keywords
    Art; Data mining; Data security; Educational institutions; Information management; Information security; Information systems; Investments; Power system security; Technology management;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    System Sciences, 2006. HICSS '06. Proceedings of the 39th Annual Hawaii International Conference on
  • ISSN
    1530-1605
  • Print_ISBN
    0-7695-2507-5
  • Type

    conf

  • DOI
    10.1109/HICSS.2006.180
  • Filename
    1579546
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=449922