Extracting useful information from security assessment interviews

Jeffrey M. Stanton, Isabelle J. Fagnot

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

We conducted N=68 interviews with managers, employees, and information technologists in the course of conducting security assessments of 15 small- and medium-sized organizations. Assessment interviews provide a rich source of information about the security culture and norms of an organization; this information can complement and contextualize the traditional sources of security assessment data, which generally focus on the technical infrastructure of the organization. In this paper we began the process of systematizing audit interview data through the development of a closed vocabulary pertaining to security beliefs. We used a ground-up approach to develop a list of subjects, verbs, objects, and relationships among them that emerged from the audit interviews. We discuss implications for improving the processes and outcomes of security auditing.

Original languageEnglish (US)
Title of host publicationProceedings of the 39th Annual Hawaii International Conference on System Sciences, HICSS'06
Pages127b
DOIs
StatePublished - Oct 17 2006
Event39th Annual Hawaii International Conference on System Sciences, HICSS'06 - Kauai, HI, United States
Duration: Jan 4 2006Jan 7 2006

Publication series

NameProceedings of the Annual Hawaii International Conference on System Sciences
Volume6
ISSN (Print)1530-1605

Other

Other39th Annual Hawaii International Conference on System Sciences, HICSS'06
CountryUnited States
CityKauai, HI
Period1/4/061/7/06

ASJC Scopus subject areas

  • Engineering(all)

Fingerprint Dive into the research topics of 'Extracting useful information from security assessment interviews'. Together they form a unique fingerprint.

  • Cite this

    Stanton, J. M., & Fagnot, I. J. (2006). Extracting useful information from security assessment interviews. In Proceedings of the 39th Annual Hawaii International Conference on System Sciences, HICSS'06 (pp. 127b). [1579546] (Proceedings of the Annual Hawaii International Conference on System Sciences; Vol. 6). https://doi.org/10.1109/HICSS.2006.180