Skip to Main Content
Information Security Management is related to the design of socio-technical work processes. The development and reflection of this kind of processes can be supported with the field-tested method of the socio-technical walkthrough (STWT). Within a project of raising security standards for a university administration infrastructure, STWT was combined with common ISMS methodology. During this project we found indicators for improvement by employing the STWT: technical and organizational measures can be specified in a single effort; contingent relationships can be taken into account as well as vulnerability resulting from characteristics of social structures. Furthermore switching between different levels of abstraction, details and formalization is possible. STWT helps to develop artifacts which support a focused discussion as well as an appropriate documentation.