Computational security models in organizations: Bringing a pedagogical user-centered perspective Conference Paper uri icon

abstract

  • The security of systems and networks is a multidisciplinary challenge of increasingly importance which has stimulated the development of multiple solutions for an effective response to the requirements that are needed. In pursuing this demand much of the focus of security proposals has focused on ensuring mechanisms that prevent organizations from being attacked from outside their perimeter. However, the evolution of the tasks carried out by the internal organizations collaborators, which demand an increasing degree of use of computational resources and privileged access to multiple sources of information, emerge an increasing concern in the monitoring of the behaviours of the users. In addition to this problem, there is often an ill-defined borderline confusion over what internal workers should be able to do with the resources they have in organizations. The mix between strictly professional use and personal use can be problematic in organization's security context. Define organizations security policies, understand user’ behaviours, act effectively over security incidents and promote users’ organizational security culture, by a pedagogical approach seems to us to be a necessary advance in security frameworks nowadays. This paper presents a reflection on the aspects of internal security of Local Area Networks and proposes a conceptual security framework, which aims to contribute to an effective control and understanding of LANs user’ behaviour, to a real-time response to unwanted occurrences but, especially, to a pedagogical approach to help the development of users’ security culture.
  • UNIAG, R&D unit funded by the FCT – Portuguese Foundation for the Development of Science and Technology, Ministry of Science, Technology and Higher Education. UID/GES/4752/2016

publication date

  • January 1, 2018