In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Eighth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2014)
Title: Human Aspects of Information Assurance: A Questionnaire-based Quantitative Approach to Assessment
Author(s): Evangelos D. Frangopoulos, Mariki M. Eloff, Lucas M. Venter
Keywords: Information Assurance Assessment Tool, Questionnaire, Information Security, Human Aspects of Information Assurance, PDCA, ISMS, InfoSec
Abstract: In work previously done by the authors, various human aspects of Information Assurance were identified. These comprise Social and Psychological aspects, the effects of Psycho-social risk at the workplace, the application of Influence techniques, user response to Social Engineering Methods and choices based on Economic considerations. Even though these aspects have been
shown to gravely affect Information Assurance, the current level of their incorporation in the Plan-Do-Check-Act virtuous cycle of Information Security Management Systems, leaves a lot to be desired. In order to combine the findings of previous research and effectively provide quantified input that is usable in the context of an Information Security Management System
(ISMS), an appropriate methodology must be introduced. This paper sets the framework and constraints for the methodology and by examining the merits and shortcomings of existing work in the field, proposes a questionnaire-based quantitative methodology that meets the set requirements. This will ultimately provide a tool for rapid, consistent and repeatable assessment of the Information Assurance level, as this is affected by the identified human
aspects of Information Assurance.
Download count: 2118
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.