A primary task of information security in modern organisations is to ensure the safety of their information assets. The most effective method is to develop and implement an information security system (ISS) that is designed for a specific organisation and meets the organisation-specific requirements. Two methods for creating ISS are considered in the article – development of a complex ISS through systems analysis and the authors’ method for the development of organisational ISS. These methods consider different viewpoints on the system. An example is given with Information Security Viewpoint and related concepts such as “Incident,” “Breach,” “Vulnerability,” “Threats,” “Threat Sources,” and a “Threat Agent” with taking the human factor in account. As the behaviour of employees in relation to the adopted information security policy cannot be predicted, it is necessary to foresee some measures in the process of designing the system.
BT - Information & Security: An International Journal DO - https://doi.org/10.11610/isij.5546 IS - 3 N2 -A primary task of information security in modern organisations is to ensure the safety of their information assets. The most effective method is to develop and implement an information security system (ISS) that is designed for a specific organisation and meets the organisation-specific requirements. Two methods for creating ISS are considered in the article – development of a complex ISS through systems analysis and the authors’ method for the development of organisational ISS. These methods consider different viewpoints on the system. An example is given with Information Security Viewpoint and related concepts such as “Incident,” “Breach,” “Vulnerability,” “Threats,” “Threat Sources,” and a “Threat Agent” with taking the human factor in account. As the behaviour of employees in relation to the adopted information security policy cannot be predicted, it is necessary to foresee some measures in the process of designing the system.
PY - 2024 SE - 261 SP - 261 EP - 272 T2 - Information & Security: An International Journal TI - Applying a New Approach to Consider the Human Factor in the Design of Information Security Systems VL - 55 ER -