From Situation Awareness to Action: An Information Security Management Toolkit for Socio-Technical Security Retrospective and Prospective Analysis
English
Huynen, Jean-Louis [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Lenzini, Gabriele [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
2017
Proceedings of the 3rd International Conference on Information Systems Security and Privacy
Yes
ICISSP - 3rd International Conference on Information Systems Security and Privacy
from 19-02-2017 to 21-02-2017
Porto
Portugal
[en] Socio-Technical Security ; Information Security Management and Reasoning ; Root Cause Analysis
[en] Inspired by the root cause analysis procedures common in safety, we propose a methodology for a prospective and a retrospective analysis of security and a tool that implements it. When applied prospectively, the methodology guides analysts to assess socio-technical vulnerabilities in a system, helping them to evaluate their choices in designing security policies and controls. The methodology also works retrospectively: it assists analysts in retrieving the causes of an observed socio-technical attack, guiding them to understand where the information security management of the system has failed. The methodology is tuned to find causes rooted in the human-related factors that an attacker can exploit to execute an intrusion.