Extracting useful information from security assessment interviews

Jeffrey M. Stanton; Isabelle J. Fagnot

doi:10.1109/HICSS.2006.180

Extracting useful information from security assessment interviews

Jeffrey M. Stanton, Isabelle J. Fagnot

School of Information Studies

Research output: Chapter in Book/Entry/Poem › Conference contribution

1 Scopus citations

Abstract

We conducted N=68 interviews with managers, employees, and information technologists in the course of conducting security assessments of 15 small- and medium-sized organizations. Assessment interviews provide a rich source of information about the security culture and norms of an organization; this information can complement and contextualize the traditional sources of security assessment data, which generally focus on the technical infrastructure of the organization. In this paper we began the process of systematizing audit interview data through the development of a closed vocabulary pertaining to security beliefs. We used a ground-up approach to develop a list of subjects, verbs, objects, and relationships among them that emerged from the audit interviews. We discuss implications for improving the processes and outcomes of security auditing.

Original language	English (US)
Title of host publication	Proceedings of the 39th Annual Hawaii International Conference on System Sciences, HICSS'06
Pages	127b
DOIs	https://doi.org/10.1109/HICSS.2006.180
State	Published - 2006
Event	39th Annual Hawaii International Conference on System Sciences, HICSS'06 - Kauai, HI, United States Duration: Jan 4 2006 → Jan 7 2006

Publication series

Name	Proceedings of the Annual Hawaii International Conference on System Sciences
Volume	6
ISSN (Print)	1530-1605

Other

Other	39th Annual Hawaii International Conference on System Sciences, HICSS'06
Country/Territory	United States
City	Kauai, HI
Period	1/4/06 → 1/7/06

ASJC Scopus subject areas

General Engineering

Access to Document

10.1109/HICSS.2006.180

Cite this

Extracting useful information from security assessment interviews. / Stanton, Jeffrey M.; Fagnot, Isabelle J.
Proceedings of the 39th Annual Hawaii International Conference on System Sciences, HICSS'06. 2006. p. 127b 1579546 (Proceedings of the Annual Hawaii International Conference on System Sciences; Vol. 6).

Research output: Chapter in Book/Entry/Poem › Conference contribution

Stanton, JM & Fagnot, IJ 2006, Extracting useful information from security assessment interviews. in Proceedings of the 39th Annual Hawaii International Conference on System Sciences, HICSS'06., 1579546, Proceedings of the Annual Hawaii International Conference on System Sciences, vol. 6, pp. 127b, 39th Annual Hawaii International Conference on System Sciences, HICSS'06, Kauai, HI, United States, 1/4/06. https://doi.org/10.1109/HICSS.2006.180

@inproceedings{6ea0abc9c965448aa3533e79da836585,

title = "Extracting useful information from security assessment interviews",

abstract = "We conducted N=68 interviews with managers, employees, and information technologists in the course of conducting security assessments of 15 small- and medium-sized organizations. Assessment interviews provide a rich source of information about the security culture and norms of an organization; this information can complement and contextualize the traditional sources of security assessment data, which generally focus on the technical infrastructure of the organization. In this paper we began the process of systematizing audit interview data through the development of a closed vocabulary pertaining to security beliefs. We used a ground-up approach to develop a list of subjects, verbs, objects, and relationships among them that emerged from the audit interviews. We discuss implications for improving the processes and outcomes of security auditing.",

author = "Stanton, {Jeffrey M.} and Fagnot, {Isabelle J.}",

year = "2006",

doi = "10.1109/HICSS.2006.180",

language = "English (US)",

isbn = "0769525075",

series = "Proceedings of the Annual Hawaii International Conference on System Sciences",

pages = "127b",

booktitle = "Proceedings of the 39th Annual Hawaii International Conference on System Sciences, HICSS'06",

note = "39th Annual Hawaii International Conference on System Sciences, HICSS'06 ; Conference date: 04-01-2006 Through 07-01-2006",

}

TY - GEN

T1 - Extracting useful information from security assessment interviews

AU - Stanton, Jeffrey M.

AU - Fagnot, Isabelle J.

PY - 2006

Y1 - 2006

N2 - We conducted N=68 interviews with managers, employees, and information technologists in the course of conducting security assessments of 15 small- and medium-sized organizations. Assessment interviews provide a rich source of information about the security culture and norms of an organization; this information can complement and contextualize the traditional sources of security assessment data, which generally focus on the technical infrastructure of the organization. In this paper we began the process of systematizing audit interview data through the development of a closed vocabulary pertaining to security beliefs. We used a ground-up approach to develop a list of subjects, verbs, objects, and relationships among them that emerged from the audit interviews. We discuss implications for improving the processes and outcomes of security auditing.

AB - We conducted N=68 interviews with managers, employees, and information technologists in the course of conducting security assessments of 15 small- and medium-sized organizations. Assessment interviews provide a rich source of information about the security culture and norms of an organization; this information can complement and contextualize the traditional sources of security assessment data, which generally focus on the technical infrastructure of the organization. In this paper we began the process of systematizing audit interview data through the development of a closed vocabulary pertaining to security beliefs. We used a ground-up approach to develop a list of subjects, verbs, objects, and relationships among them that emerged from the audit interviews. We discuss implications for improving the processes and outcomes of security auditing.

UR - http://www.scopus.com/inward/record.url?scp=33749599144&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33749599144&partnerID=8YFLogxK

U2 - 10.1109/HICSS.2006.180

DO - 10.1109/HICSS.2006.180

M3 - Conference contribution

AN - SCOPUS:33749599144

SN - 0769525075

SN - 9780769525075

T3 - Proceedings of the Annual Hawaii International Conference on System Sciences

SP - 127b

BT - Proceedings of the 39th Annual Hawaii International Conference on System Sciences, HICSS'06

T2 - 39th Annual Hawaii International Conference on System Sciences, HICSS'06

Y2 - 4 January 2006 through 7 January 2006

ER -

Extracting useful information from security assessment interviews

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this