SwePub

Search results for "information security"

1.
  • Lundgren, Björn, 1984- (author)
  • Defining Information Security
  • ????
  • Journal article (peer-reviewed), abstract:
    • This article proposes a new definition of information security, the ‘Appropriate Access’ definition. Apart from providing the basic criteria for a definition—correct demarcation and meaning concerning the state of security—it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called ‘soft issues’ of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security—the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.
2.
  • Karlsson, Fredrik, 1974-, et al. (authors)
  • Information security culture : state-of-the-art review between 2000 and 2013
  • 2015
  • In: Information and Computer Security. - Emerald. - 2056-4961. ; 23:3, pp. 246-285
  • Journal article (peer-reviewed), abstract:
    • Purpose – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about. Design/methodology/approach – Results are based on a literature review of information security culture research published between 2000 and 2013 (December). Findings – This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical – lacking a structured use of empirical data – which means that it is quite immature. Research limitations/implications – Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lacking in existing research. Practical implications – Findings show that existing research is, to a large extent, descriptive, philosophical or theoretical. Hence, it is difficult for practitioners to adopt these research results, such as frameworks for cultivating or assessment tools, which have not been empirically validated. Originality/value – Few state-of-the-art reviews have sought to assess the maturity of existing research on information security culture. Findings on types of research methods used in information security culture research extend beyond the existing knowledge base, which allows for a critical discussion about existing research in this sub-discipline of information security.
3.
  •  
4.
  • Kolkowska, Ella, et al. (authors)
  • Analyzing information security goals
  • 2012
  • In: Threats, countermeasures, and advances in applied information security. - IGI Global. - 978-1-4666-0978-5 ; pp. 91-110
  • Book chapter (other academic), abstract:
    • "This book addresses the fact that managing information security program while effectively managing risks has never been so critical, discussing issues such as emerging threats and countermeasures for effective management of information security in organizations"--Provided by publisher.
5.
  • Rocha Flores, Waldo (author)
  • Shaping information security behaviors related to social engineering attacks
  • 2016
  • Doctoral thesis (other academic), abstract:
    • Today, few companies would manage to continuously stay competitive without the proper utilization of information technology (IT). This has increased companies’ dependency on IT and created new threats that need to be addressed to mitigate risks to daily business operations. A large extent of these IT-related threats includes hackers attempting to gain unauthorized access to internal computer networks by exploiting vulnerabilities in the behaviors of employees. A common way to exploit human vulnerabilities is to deceive and manipulate employees through the use of social engineering. Although researchers have attempted to understand social engineering, there is a lack of empirical research capturing multilevel factors explaining what drives employees’ existing behaviors and how these behaviors can be improved. This is addressed in this thesis. The contribution of this thesis includes (i) an instrument to measure security behaviors and its multilevel determinants, (ii) identification of multilevel variables that significantly influence employees’ intent for behavior change, (iii) identification of what behavioral governance factors that lay the foundation for behavior change, (iv) identification that national culture has a significant effect on how organizations cope with behavioral information security threats, and (v) a strategy to ensure adequate information security behaviors throughout an organization. This thesis is a composite thesis of eight papers. Paper 1 describes the instrument measuring multilevel determinants. Papers 2 and 3 describe how security knowledge is established in organizations, and the effect on employee information security awareness. In Paper 4 the root cause of employees’ intention to change their behaviors and resist social engineering is described. Papers 5 and 8 describe how the instrument to measure social engineering security behaviors was developed and validated through scenario-based surveys and phishing experiments. Papers 6 and 7 describe experiments performed to understand the reasons why employees fall for social engineering. Finally, papers 2, 5 and 6 examine the moderating effect of national culture.
6.
  • Lundgren, Björn, 1984-, et al. (authors)
  • Defining Information Security
  • 2017
  • In: Science and Engineering Ethics. - Springer. - 1353-3452.
  • Journal article (peer-reviewed), abstract:
    • This article proposes a new definition of information security, the ‘Appropriate Access’ definition. Apart from providing the basic criteria for a definition—correct demarcation and meaning concerning the state of security—it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called ‘soft issues’ of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security—the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.
7.
  • Rocha Flores, Waldo, et al. (authors)
  • Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture
  • 2014
  • In: Computers & security (Print). - Elsevier. - 0167-4048. ; 43, pp. 90-110
  • Journal article (peer-reviewed), abstract:
    • This paper presents an empirical investigation on what behavioral information security governance factors drive the establishment of information security knowledge sharing in organizations. Data was collected from organizations located in different geographic regions of the world, and the amount of data collected from two countries – namely, USA and Sweden – allowed us to investigate if the effect of behavioral information security governance factors on the establishment of security knowledge sharing differs based on national culture. The study followed a mixed methods research design, wherein qualitative data was collected to both establish the study’s research model and develop a survey instrument that was distributed to 578 information security executives. The results suggest that processes to coordinate implemented security knowledge sharing mechanisms have a major direct influence on the establishment of security knowledge sharing in organizations; the effect of organizational structure (e.g., centralized security function to develop and deploy uniform firm-wide policies, and use of steering committees to facilitate information security planning) is slightly weaker, while business-based information security management has no significant direct effect on security knowledge sharing. A mediation analysis revealed that the reason for the non-significant direct relation between business-based information security management and security knowledge sharing is the fully mediating effect of coordinating information security processes. Thus, the results disentangle the interrelated influences of behavioral information security governance factors on security knowledge sharing by showing that information security governance sets the platform to establish security knowledge sharing, and coordinating processes realize the effect of both the structure of the information security function and the alignment of information security management with business needs. A multigroup analysis identified that national culture had a significant moderating effect on the association between four of the six proposed relations. In Sweden – which is seen as a less individualist, feminine country – managers tend to focus their efforts on implementing controls that are aligned with business activities and employees’ need; monitoring the effectiveness of the implemented controls, and assuring that the controls are not too obtrusive to the end user. On the contrary, US organizations establish security knowledge sharing in their organization through formal arrangements and structures. These results imply that Swedish managers perceive it to be important to involve, or at least know how their employees cope with the decisions that have been made, thus favoring local participation in information security management, while US managers may feel the need to have more central control when running their information security function. The findings suggest that national culture should be taken into consideration in future studies – in particular when investigating organizations operating in a global environment – and understand how it affects behaviors and decision-making.
8.
  • Björck, Fredrik, 1972- (author)
  • Discovering Information Security Management
  • 2005
  • Doctoral thesis (other academic), abstract:
    • This thesis is concerned with issues relating to the management of information security in organisations, motivated by the need for cost-efficient information security. It is based on the assumption that: in order to achieve cost-efficient information security, the point of departure must be knowledge about the empirical reality in which the management of information security takes place. The data gathering instruments employed are questionnaires with open-ended questions and unstructured research interviews. The empirical material is analysed, and conclusions are drawn following the principles of Grounded Theory. Data sources are professionals in the area of information security management, including information security consultants (n=13), certification auditors (n=8), and information security managers (n=8). The main contributions are: an integrated model illustrating the experts’ perceptions concerning the objectives, actors, resources, threats, and countermeasures of information security management; a framework for the evaluation, formation, and implementation of information security management systems; a new approach for the evaluation of information security in organisations; a set of success factors concerning the formation of information security management systems; and a problem inventory concerning the value and assessment of information security education and training.
9.
  • Karlsson, Fredrik, 1974-, et al. (authors)
  • Inter-organisational information security : a systematic literature review
  • 2016
  • In: Information & Computer Security. - Emerald Group Publishing Limited. - 2056-4961. ; 24:5, pp. 418-451
  • Journal article (peer-reviewed), abstract:
    • Purpose: The purpose of this paper is to survey existing inter-organisational information security research to scrutinise the kind of knowledge that is currently available and the way in which this knowledge has been brought about. Design/methodology/approach: The results are based on a literature review of inter-organisational information security research published between 1990 and 2014. Findings: The authors conclude that existing research has focused on a limited set of research topics. A majority of the research has focused on management issues, while employees’/non-staffs’ actual information security work in inter-organisational settings is an understudied area. In addition, the majority of the studies have used a subjective/argumentative method, and few studies combine theoretical work and empirical data. Research limitations/implications: The findings suggest that future research should address a broader set of research topics, focusing especially on employees/non-staff and their use of processes and technology in inter-organisational settings, as well as on cultural aspects, which are lacking currently; focus more on theory generation or theory testing to increase the maturity of this sub-field; and use a broader set of research methods. Practical implications: The authors conclude that existing research is to a large extent descriptive, philosophical or theoretical. Thus, it is difficult for practitioners to adopt existing research results, such as governance frameworks, which have not been empirically validated. Originality/value: Few systematic reviews have assessed the maturity of existing inter-organisational information security research. Findings of authors on research topics, maturity and research methods extend beyond the existing knowledge base, which allow for a critical discussion about existing research in this sub-field of information security.
10.
  • Johnson, Pontus, et al. (authors)
  • Assessment of Business Process Information Security
  • 2007
  • In: International Journal of Business Process Integration and Management. - 1741-8763. ; 3:2, pp. 118-130
  • Journal article (peer-reviewed), abstract:
    • Business processes are increasingly dependent on their supporting information systems. With this dependence comes an increased security risk with respect to the information flowing through the processes. This paper presents a method for assessment of the level of information security within business processes in the form of a percentage number, where a high score indicates good information security and a low score indicates a poor level of information security. The method also provides a numerical estimate of the credibility of the information security score, so that an assessment based on few and uncertain pieces of evidence is associated with low credibility and an assessment based on a large set of trustworthy evidence is associated with high credibility. A common problem with information security assessments is the cost related to collecting the required evidence. The paper proposes an evidence collection strategy designed to minimize the effort spent on gathering assessment data while maintaining the desired credibility of the results. A case study is presented, demonstrating the use of the method.