ThinkMind // SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies // View article securware_2017_2_10_30015


An Empirical Study of Root-Cause Analysis in Information Security Management

Authors:
Gaute Wangen
Niclas Hellesen
Henrik Torres
Erlend Brækken

Keywords: Information Security; Root cause analysis; Risk Management; Case study.

Abstract:
This paper studies the application of Root-cause analysis (RCA) methodology to a complex socio-technical information security (InfoSec) management problem. InfoSec risk assessment (ISRA) is the common approach for dealing with problems in InfoSec, where the main purpose is to manage risk and maintain an acceptable risk level. In comparison, the RCA tools are designed to identify and eliminate the root-cause of a reoccurring problem. Our case study is a complex issue regarding multiple breaches of the security policy primarily through access control violations. By running a full-scale RCA, this study finds that the benefits of the RCA tools are a better understanding of the social aspects of the risk; RCA highlighted previously unknown social and administrative causes for the problem which in turn provided an improved decision-basis. The problem treatments recommended by the ISRA and the RCA differed in that the ISRA results recommended technical controls, while the RCA suggested more administrative treatments. Furthermore, we found that the ISRA and RCA can complement each other in administrative and technical issues. The main drawback was that our cost-benefit analysis regarding hours spent on RCA was on the borderline of being justifiable. As future work, we propose to develop a leaner version of the RCA scoped for information security problems.

Pages: 26 to 33

Copyright: Copyright (c) IARIA, 2017

Publication date: September 10, 2017

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-582-1

Location: Rome, Italy

Dates: from September 10, 2017 to September 14, 2017
