This site uses encryption for transmitting your passwords. ratmilwebsolutions.com
CheckIT – A Program to Measure and Improve Information Security and Safety Culture
Volume 3, Number 1, January 2007 - Paper 15 - pp. 171 - 186
STIG O. JOHNSEN1, CHRISTIAN WAALE HANSEN2, MARIA BARTNES LINE1, YNGVE NORDBY2, ELIOT RICH3 and YING QIAN41SINTEF, Norway
3University of Albany, SUNY
4Agder University College, Norway
(Received from the Guest Editor on July 31, 2006)
Remote IT-based support and operations of offshore oil and gas installations are increasing. The technology used to support operations is changing from proprietary closed process control systems to standardize IT systems, connected to internal networks and the Internet. In addition, a network of companies is increasingly performing operations and management. The standardized PCs using MS Windows have more vulnerability than the proprietary systems used earlier, and the increased connections and participants in the networks increase the vulnerability. This creates the need for improved information security. Our hypothesis is that an important contribution to improved information security and safety is an improved safety and security culture and improved information sharing during operations and incident handling. Such a safety and security culture should be explicitly directed towards actions that support learning. We have developed a method called CheckIT, consisting of a questionnaire and a process to improve information security and safety culture based on group discussions of key issues. Future work in this area includes refinement of the questionnaire, as well as the use of system simulation to develop a holistic perspective on the causes and outcomes of their security policies.
Please note : You will need Adobe Acrobat viewer to view the full articles.