| 1. |
-
Information Security : Foundations, technologies and applications
- 2018
-
Samlingsverk (redaktörskap) (refereegranskat)abstract
- The rapid advancements in telecommunications, computing hardware and software, and data encryption, and the widespread use of electronic data processing and electronic business conducted through the Internet have led to a strong increase in information security threats. The latest advances in information security have increased practical deployments and scalability across a wide range of applications to better secure and protect our information systems and the information stored, processed and transmitted. This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security. Information Security: Foundations, technologies and applications is a comprehensive review of cutting-edge algorithms, technologies, and applications, and provides new insights into a range of fundamentally important topics in the field. This up-to-date body of knowledge is essential reading for researchers and advanced students in information security, and for professionals in sectors where information security is required.
|
|
| 2. |
- Karlsson, Fredrik, 1974-, et al.
(författare)
-
Information security culture : state-of-the-art review between 2000 and 2013
- 2015
-
Ingår i: Information and Computer Security. - : Emerald. - 2056-4961. ; 23:3, s. 246-285
-
Forskningsöversikt (refereegranskat)abstract
- Purpose – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about.Design/methodology/approach – Results are based on a literature review of information security culture research published between 2000 and 2013 (December).Findings – This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical – lacking a structured use of empirical data – which means that it is quite immature.Research limitations/implications – Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lacking in existing research.Practical implications – Findings show that existing research is, to a large extent, descriptive, philosophical or theoretical. Hence, it is difficult for practitioners to adopt these research results, such as frameworks for cultivating or assessment tools, which have not been empirically validated.Originality/value – Few state-of-the-art reviews have sought to assess the maturity of existing research on information security culture. Findings on types of research methods used in information security culture research extend beyond the existing knowledge base, which allows for a critical discussion about existing research in this sub-discipline of information security.
|
|
| 3. |
- Kajtazi, Miranda, 1983-, et al.
(författare)
-
Information Security Policy Compliance : An Empirical Study on Escalation of Commitment
- 2013
-
Ingår i: 19th Americas Conference on Information Systems (AMCIS 2013). - Red Hook, N.Y. : Curran Associates, Inc.. - 9781629933948 ; , s. 2011-2020
-
Konferensbidrag (refereegranskat)abstract
- This study aims to facilitate a new understanding on employees’ attitude towards compliance with the requirements of their information security policy (ISPs) through the lens of escalation. Escalation presents a situation in which employees must decide whether to persist in or withdraw from a non-performing task. Drawing on the Theory of Planned Behavior (TPB) and Agency Theory, our model delineates three mediating factors in explaining attitude: work impediment, information asymmetry, and safety of resources. We also propose information security awareness as an independent variable having an indirect effect on attitude through mediating factors. The proposed model is tested using the data collected from 376 employees working in the banking industry. The results of the PLS analyses show that while information asymmetry and safety of resources have significant impacts on attitude, work impediment does not. The results also show that ISA has significant impact on all three mediating factors.
|
|
| 4. |
- Kolkowska, Ella, et al.
(författare)
-
Analyzing information security goals
- 2012
-
Ingår i: Threats, countermeasures, and advances in applied information security. - : IGI Global. - 9781466609785 ; , s. 91-110
-
Bokkapitel (refereegranskat)
|
|
| 5. |
- Lundgren, Björn, 1984-, et al.
(författare)
-
Defining Information Security
- 2017
-
Ingår i: Science and Engineering Ethics. - : Springer. - 1353-3452 .- 1471-5546.
-
Tidskriftsartikel (refereegranskat)abstract
- This article proposes a new definition of information security, the ‘Appropriate Access’ definition. Apart from providing the basic criteria for a definition—correct demarcation and meaning concerning the state of security—it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called ‘soft issues’ of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security—the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.
|
|
| 6. |
- Rocha Flores, Waldo, et al.
(författare)
-
Information security knowledge sharing in organizations : Investigating the effect of behavioral information security governance and national culture
- 2014
-
Ingår i: Computers & security (Print). - : Elsevier. - 0167-4048 .- 1872-6208. ; 43, s. 90-110
-
Tidskriftsartikel (refereegranskat)abstract
- This paper presents an empirical investigation on what behavioral information security governance factors drives the establishment of information security knowledge sharing in organizations. Data was collected from organizations located in different geographic regions of the world, and the amount of data collected from two countries – namely, USA and Sweden – allowed us to investigate if the effect of behavioral information security governance factors on the establishment of security knowledge sharing differs based on national culture.The study followed a mixed methods research design, wherein qualitative data was collected to both establish the study’s research model and develop a survey instrument that was distributed to 578 information security executives. The results suggest that processes to coordinate implemented security knowledge sharing mechanisms have a major direct influence on the establishment of security knowledge sharing in organizations; the effect of organizational structure (e.g., centralized security function to develop and deploy uniform firm-wide policies, and use of steering committees to facilitate information security planning) is slightly weaker, while business-based information security management has no significant direct effect on security knowledge sharing. A mediation analysis revealed that the reason for the non-significant direct relation between business-based information security management and security knowledge sharing is the fully mediating effect of coordinating information security processes. Thus, the results disentangles the interrelated influences of behavioral information security governance factors on security knowledge sharing by showing that information security governance sets the platform to establish security knowledge sharing, and coordinating processes realize the effect of both the structure of the information security function and the alignment of information security management with business needs.A multigroup analysis identified that national culture had a significant moderating effect on the association between four of the six proposed relations. In Sweden – which is seen as a less individualist, feminine country – managers tend to focus their efforts on implementing controls that are aligned with business activities and employees’ need; monitoring the effectiveness of the implemented controls, and assuring that the controls are not too obtrusive to the end user. On the contrary, US organizations establish security knowledge sharing in their organization through formal arrangements and structures. These results imply that Swedish managers perceive it to be important to involve, or at least know how their employees cope with the decisions that have been made, thus favoring local participation in information security management, while US managers may feel the need to have more central control when running their information security function.The findings suggest that national culture should be taken into consideration in future studies – in particular when investigating organizations operating in a global environment – and understand how it affects behaviors and decision-making.
|
|
| 7. |
- Karlsson, Fredrik, 1974-, et al.
(författare)
-
Inter-organisational information security : a systematic literature review
- 2016
-
Ingår i: Information & Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 24:5, s. 418-451
-
Forskningsöversikt (refereegranskat)abstract
- Purpose: The purpose of this paper is to survey existing inter-organisational information securityresearch to scrutinise the kind of knowledge that is currently available and the way in which thisknowledge has been brought about.Design/methodology/approach: The results are based on a literature review of inter-organisational information security research published between 1990 and 2014.Findings: The authors conclude that existing research has focused on a limited set of research topics.A majority of the research has focused management issues, while employees’/non-staffs’ actualinformation security work in inter-organisational settings is an understudied area. In addition, themajority of the studies have used a subjective/argumentative method, and few studies combinetheoretical work and empirical data.Research limitations/implications: The findings suggest that future research should address abroader set of research topics, focusing especially on employees/non-staff and their use of processes andtechnology in inter-organisational settings, as well as on cultural aspects, which are lacking currently;focus more on theory generation or theory testing to increase the maturity of this sub-field; and use abroader set of research methods.Practical implications: The authors conclude that existing research is to a large extent descriptive,philosophical or theoretical. Thus, it is difficult for practitioners to adopt existing research results, suchas governance frameworks, which have not been empirically validated.Originality/value: Few systematic reviews have assessed the maturity of existinginter-organisational information security research. Findings of authors on research topics, maturity andresearch methods extend beyond the existing knowledge base, which allow for a critical discussionabout existing research in this sub-field of information security.
|
|
| 8. |
- Lundgren, Martin, et al.
(författare)
-
Security-related stress : A perspective on information security risk management
- 2019
-
Ingår i: 2019 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2019. - : IEEE. - 9781728102290 - 9781728102306
-
Konferensbidrag (refereegranskat)abstract
- In this study, the enactment of information security risk management by novice practitioners is studied by applying an analytical lens of security-related stress. Two organisations were targeted in the study using a case study approach to obtain data about their practices. The study identifies stressors and stress inhibitors in the ISRM process and the supporting ISRM tools and discusses the implications for practitioners. For example, a mismatch between security standards and how they are interpreted in practice has been identified. This mismatch was further found to be strengthened by the design of the used ISRM tools. Those design shortcomings hamper agility since they may enforce a specific workflow or may restrict documentation. The study concludes that security-related stress can provide additional insight into security-novice practitioners' ISRM challenges.
|
|
| 9. |
- Johnson, Pontus, et al.
(författare)
-
Assessment of Business Process Information Security
- 2007
-
Ingår i: International Journal of Business Process Integration and Management. - 1741-8763. ; 3:2, s. 118-130
-
Tidskriftsartikel (refereegranskat)abstract
- Business processes are increasingly dependent on their supporting information systems. With this dependence comes an increased security risk with respect to the information flowing through the processes. This paper presents a method for assessment of the level of information security within business processes in the form of a percentage number, where a high score indicates good information security and a low score indicates a poor level of information security. The method also provides a numerical estimate of the credibility of the information security score, so that an assessment based on few and uncertain pieces of evidence is associated with low credibility and an assessment based on a large set of trustworthy evidence is associated with high credibility. A common problem with information security assessments is the cost related to collecting the required evidence. The paper proposes an evidence collection strategy designed to minimize the effort spent on gathering assessment data while maintaining the desired credibility of the results. A case study is presented, demonstrating the use of the method.
|
|
| 10. |
- Metalidou, Efthymia, et al.
(författare)
-
The Human Factor of Information Security : Unintentional Damage Perspective
- 2014
-
Ingår i: Procedia - Social and Behavioral Sciences. - : Elsevier. ; , s. 424-428
-
Konferensbidrag (refereegranskat)abstract
- It is widely acknowledged that employees of an organization are often a weak link in the protection of its information assets. Information security has not been given enough attention in the literature in terms of the human factor effect; researchers have called for more examination in this area. Human factors play a significant role in computer security. In this paper, we focus on the relationship of the human factor on information security presenting the human weaknesses that may lead to unintentional harm to the organization and discuss how information security awareness can be a major tool in overcoming these weaknesses. A framework for a field research is also presented in order to identify the human factors and the major attacks that threat computer security.
|
|
