Understanding security practices deficiencies: a contextual analysis

Moufida Sadok, Peter Bednar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

57 Downloads (Pure)


This paper seeks to provide an overview of how companies assess and manage security risks in practice. For this purpose we referred to data of security surveys to examine the scope of risk analysis and to identify involved entities in this process. Our analysis shows a continuous focus on data system security rather than on real world organizational context as well as a prevalent involvement of top management and security staff in risk analysis process and in security policy definition and implementation. We therefore suggest that three issues need to be further investigated in the field of information security risk management in order to bridge the gap between design and implementation of secure and usable systems. First, there is a need to broaden the horizon to consider information system as human activity system which is different from a data processing system. Second, the involvement of relevant stakeholders in context for risk analysis leads to better appreciation of security risks. Third, it is necessary to develop ad-hoc tools and techniques to facilitate discussions and dialogue between stakeholders in risk analysis context.
Original languageEnglish
Title of host publicationProceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance
Subtitle of host publicationHAISA 2015
EditorsSteven M. Furnell, Nathan L. Clarke
PublisherUniversity of Plymouth
Number of pages9
ISBN (Print)978-1-84102-388-5
Publication statusPublished - 1 Jul 2015
Event9th International Symposium on Human Aspects of Information Security and Assurance - Lesvos, Lesvos, Greece
Duration: 1 Jul 20153 Jul 2015
Conference number: 128761


Conference9th International Symposium on Human Aspects of Information Security and Assurance
Abbreviated titleHAISA 2015
Internet address


Dive into the research topics of 'Understanding security practices deficiencies: a contextual analysis'. Together they form a unique fingerprint.

Cite this