SwePub

Assessment of Enterprise Information Security: How to make it Credible and Efficient

Johansson, Erik, 1967- (author)
KTH, Industriella informations- och styrsystem
KTH Skolan för elektro- och systemteknik (EES). Industriella informations- och styrsystem.
Stockholm : KTH, 2005
English, 28 pp.
Series: Trita-ICS, 1104-3504 ; 0502
  • Doctoral thesis (other academic)
Abstract
  • Information is an important business asset in today’s enterprises. Hence enterprise information security is an important system quality that must be carefully managed. Although enterprise information security is acknowledged as one of the most central areas for enterprise IT management, the topic still lacks adequate support for decision making on top-management level. This composite thesis consists of four articles which present the Enterprise Information Security Assessment Method (EISAM), a comprehensive method for assessing the current state of the enterprise information security. The method is useful in helping guide top-management’s decision-making because of the following reasons: 1) it is easy to understand, 2) it is prescriptive, 3) it is credible, and 4) it is efficient. The assessment result is easy to understand because it presents a quantitative estimate. The result can be presented as an aggregated single value, abstracting the details of the assessment. The result is easy to grasp and enables comparisons both within the organization and in terms of industry in general. The method is prescriptive since it delivers concrete and traceable measurements. This helps guide top-level management in their decisions regarding enterprise-wide information security by highlighting the areas where improvement efforts are essential. It is credible for two reasons. Firstly, the method presents an explicit and transparent definition of enterprise information security. Secondly, the method in itself includes an indication of assessment uncertainty, expressed in terms of confidence levels. The method is efficient because it focuses on important enterprise information security aspects, and because it takes into account how difficult it is to find security related evidence. Being resource sparse it enables assessments to take place regularly, which gives valuable knowledge for long-term decision-making.
The usefulness of the presented method, along with its development, has been verified through empirical studies at a leading electric power company in Europe and through statistical surveys carried out among information security experts in Sweden. The success from this research should encourage further research in using these analysis techniques to guide decisions on other enterprise architecture attributes.

Subject headings

NATURAL SCIENCES  -- Computer and Information Science (hsv//eng)

Keywords

Enterprise Information Security
Enterprise Architecture
Security Assessment
Information Technology Management
TECHNOLOGY Information technology

Publication and content type

dok (subject category)
vet (subject category)
