Khalid Eisa Haidar Abdalla Alhosani, S. K. A. Khalid, N. Samsudin, Sapiee Jamel, Kamaruddin Malik Bin Mohamad
Title: A policy driven, human oriented information security model: a case study in UAE banking sector
Published in: 2019 IEEE Conference on Application, Information and Network Security (AINS), 2019-11-01
DOI: 10.1109/AINS47559.2019.8968705 (https://doi.org/10.1109/AINS47559.2019.8968705)
Citation count: 2
Abstract
As companies continue to invest in information security, human weaknesses remain a root cause of data breaches in organisations. Several security models have been proposed in the literature but largely remain ineffective at addressing this human vulnerability. In this paper, a policy-driven, human-oriented information security model is proposed. By adopting an information security policy, organisations set strong foundations on which sound security practices can be disseminated and enforced within the organisation. Instead of viewing humans as the source of the problem, the model puts humans as the primary source of effectiveness in implementing security policy. In this model, staff in an organisation will collectively secure the organisation from attacks. From existing literature and interviews conducted with selected banks in the UAE, three primary factors, namely information security policy awareness, security training, and computer and security technology proficiency, have been identified and incorporated into the new security model.