A situation awareness model for information security risk management

Computers & Security - Volume 44 - Pages 1-15 - 2014
Jeb Webb¹, Atif Ahmad¹, Sean B. Maynard¹, Graeme Shanks¹
¹ Department of Computing and Information Systems, Melbourne School of Engineering, University of Melbourne, Victoria 3172, Australia
