Information security management systems and socio-technical walkthroughs

Author

Loser, Kai-Uwe ; Nolte, Alexander ; Herrmann, Thomas ; Neues, Haiko Te

Author_Institution

Inf. & Technol. Manage., Ruhr-Univ. Bochum, Bochum, Germany

fYear

2011

fDate

8-8 Sept. 2011

Firstpage

45

Lastpage

51

Abstract

Information Security Management is related to the design of socio-technical work processes. The development and reflection of this kind of processes can be supported with the field-tested method of the socio-technical walkthrough (STWT). Within a project of raising security standards for a university administration infrastructure, STWT was combined with common ISMS methodology. During this project we found indicators for improvement by employing the STWT: technical and organizational measures can be specified in a single effort; contingent relationships can be taken into account as well as vulnerability resulting from characteristics of social structures. Furthermore switching between different levels of abstraction, details and formalization is possible. STWT helps to develop artifacts which support a focused discussion as well as an appropriate documentation.

Keywords

educational administrative data processing; information management; organisational aspects; security of data; social aspects of automation; field tested method; information security management systems; organizational measures; security standards; socio-technical walkthroughs; university administration infrastructure; Conferences; Educational institutions; Humans; Information security; Software; Information security management; Socio-technical systems; socio-technical modeling;

fLanguage

English

Publisher

ieee

Conference_Titel

Socio-Technical Aspects in Security and Trust (STAST), 2011 1st Workshop on

Conference_Location

Milan

Print_ISBN

978-1-4577-1182-4

Type

conf

DOI

10.1109/STAST.2011.6059255

Filename

6059255