Computational security models in organizations: Bringing a pedagogical user-centered perspective
Conference Paper
Abstract
The security of systems and networks is a multidisciplinary challenge of increasing importance,
which has stimulated the development of multiple solutions that respond effectively to the
requirements involved. In pursuing this demand, security proposals have largely
focused on mechanisms that prevent organizations from being attacked from outside their
perimeter. However, the evolution of the tasks carried out by organizations’ internal collaborators,
which demand an increasing degree of use of computational resources and privileged access to multiple
sources of information, raises an increasing concern about monitoring the behaviours of users.
In addition to this problem, there is often an ill-defined borderline around what internal
workers should be able to do with the resources they have in organizations. The mix between strictly
professional use and personal use can be problematic in an organization’s security context. Defining
organizations’ security policies, understanding users’ behaviours, acting effectively on security incidents and
promoting users’ organizational security culture through a pedagogical approach seems to us to be a necessary
advance in today’s security frameworks.
This paper presents a reflection on the internal security aspects of Local Area Networks (LANs) and
proposes a conceptual security framework, which aims to contribute to effective control and
understanding of LAN users’ behaviour, to a real-time response to unwanted occurrences and,
especially, to a pedagogical approach that helps develop users’ security culture.
UNIAG, R&D unit funded by the FCT – Portuguese Foundation for the Development of Science and Technology, Ministry of Science, Technology and Higher Education. UID/GES/4752/2016