ThinkMind // SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies // View article securware_2017_2_10_30015


An Empirical Study of Root-Cause Analysis in Information Security Management

Authors:
Gaute Wangen
Niclas Hellesen
Henrik Torres
Erlend Brækken

Keywords: Information Security; Root cause analysis; Risk Management; Case study.

Abstract:
This paper studies the application of Root-cause analysis (RCA) methodology to a complex socio-technical information security (InfoSec) management problem. InfoSec risk assessment (ISRA) is the common approach for dealing with problems in InfoSec, where the main purpose is to manage risk and maintain an acceptable risk level. In comparison, the RCA tools are designed to identify and eliminate the root-cause of a reoccurring problem. Our case study is a complex issue regarding multiple breaches of the security policy primarily through access control violations. By running a full-scale RCA, this study finds that the benefits of the RCA tools are a better understanding of the social aspects of the risk; RCA highlighted previously unknown social and administrative causes for the problem, which in turn provided an improved decision-basis. The problem treatments recommended by the ISRA and the RCA differed in that the ISRA results recommended technical controls, while the RCA suggested more administrative treatments. Furthermore, we found that the ISRA and RCA can complement each other in administrative and technical issues. The main drawback was that our cost-benefit analysis regarding hours spent on RCA was on the borderline of being justifiable. As future work, we propose to develop a leaner version of the RCA scoped for information security problems.

Pages: 26 to 33

Copyright: Copyright (c) IARIA, 2017

Publication date: September 10, 2017

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-582-1

Location: Rome, Italy

Dates: from September 10, 2017 to September 14, 2017
