Application of a human factors-integrated information security framework to an oil and gas organization

Abstract

Information systems support organizations to achieve strategic competitiveness and to improve the decision-making process. In addition, they help timely implementation of projects and effective risk management. A reliable and coherent information system requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organizations doing a business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. To date, studies have shown that non-technical risks are as important as technical risks in safeguarding. However, little attention has been paid to the role of human factors or organizational factors. This study validates the importance of non-technical factors based on a case study of an incident analysis using the information security framework with a focus of non-technical factors.