| 1. |
-
Information Security : Foundations, technologies and applications
- 2018
-
Samlingsverk (redaktörskap) (refereegranskat)abstract
- The rapid advancements in telecommunications, computing hardware and software, and data encryption, and the widespread use of electronic data processing and electronic business conducted through the Internet have led to a strong increase in information security threats. The latest advances in information security have increased practical deployments and scalability across a wide range of applications to better secure and protect our information systems and the information stored, processed and transmitted. This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security. Information Security: Foundations, technologies and applications is a comprehensive review of cutting-edge algorithms, technologies, and applications, and provides new insights into a range of fundamentally important topics in the field. This up-to-date body of knowledge is essential reading for researchers and advanced students in information security, and for professionals in sectors where information security is required.
|
|
| 2. |
- Kolkowska, Ella, et al.
(författare)
-
Analyzing information security goals
- 2012
-
Ingår i: Threats, countermeasures, and advances in applied information security. - : IGI Global. - 9781466609785 ; , s. 91-110
-
Bokkapitel (refereegranskat)
|
|
| 3. |
- Rostami, Elham, 1983-
(författare)
-
Tailoring information security policies : a computerized tool and a design theory
- 2023
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Protecting information assets in organizations is a must and one way for doing it is developing information security policy (ISP) to direct employees’ behavior and define acceptable procedures that employees have to comply with on a daily basis. However, compliance with the ISP is a perennial problem. Non-compliance with ISPs is at least related to two factors: 1) employees’ behavior, and 2) the design of ISPs. Although much attention has been given to understanding and changing employees’ behavior, designing ISPs that are easy to follow has received less attention. Existing research has suggested designing such ISPs using a tailoring approach where the ISP is designed in several versions that fulfill the needs of different target groups of employees. At the same time, tailoring means increased design complexity for information security managers as the designer of ISPs, where computerized tool can aid. Thus, the aim of this thesis is to develop a computerized tool to support information security managers’ tailoring of ISPs and the design principles that such a tool can be based on. To this end, a design science research approach was employed. Using the knowledge from the Situational Method Engineering field as the kernel theory for the design science research project, a set of design principles and a conceptual model were developed in terms of a Unified Modeling Language class diagram. Subsequently, a web-based software (POLCO) was developed based on the proposed conceptual model to support information security managers to design tailored ISPs. The conceptual model and POLCO were developed, demonstrated, and evaluated as a proof-of-concept in three DSR cycles.The thesis contribute to research and practice by proposing the design principles and the conceptual model that can be considered as: 1) a new theory on how to design ISPs, 2) a way to develop software to assist information security managers in designing tailored ISPs. Meanwhile, POLCO as an artifactual contribution can be considered as a starting point for researchers to do studies in the ISP design area.
|
|
| 4. |
- Karlsson, Fredrik, 1974-, et al.
(författare)
-
Inter-organisational information security : a systematic literature review
- 2016
-
Ingår i: Information & Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 24:5, s. 418-451
-
Forskningsöversikt (refereegranskat)abstract
- Purpose: The purpose of this paper is to survey existing inter-organisational information securityresearch to scrutinise the kind of knowledge that is currently available and the way in which thisknowledge has been brought about.Design/methodology/approach: The results are based on a literature review of inter-organisational information security research published between 1990 and 2014.Findings: The authors conclude that existing research has focused on a limited set of research topics.A majority of the research has focused management issues, while employees’/non-staffs’ actualinformation security work in inter-organisational settings is an understudied area. In addition, themajority of the studies have used a subjective/argumentative method, and few studies combinetheoretical work and empirical data.Research limitations/implications: The findings suggest that future research should address abroader set of research topics, focusing especially on employees/non-staff and their use of processes andtechnology in inter-organisational settings, as well as on cultural aspects, which are lacking currently;focus more on theory generation or theory testing to increase the maturity of this sub-field; and use abroader set of research methods.Practical implications: The authors conclude that existing research is to a large extent descriptive,philosophical or theoretical. Thus, it is difficult for practitioners to adopt existing research results, suchas governance frameworks, which have not been empirically validated.Originality/value: Few systematic reviews have assessed the maturity of existinginter-organisational information security research. Findings of authors on research topics, maturity andresearch methods extend beyond the existing knowledge base, which allow for a critical discussionabout existing research in this sub-field of information security.
|
|
| 5. |
- Lundgren, Martin, et al.
(författare)
-
Security-related stress : A perspective on information security risk management
- 2019
-
Ingår i: 2019 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2019. - : IEEE. - 9781728102290 - 9781728102306
-
Konferensbidrag (refereegranskat)abstract
- In this study, the enactment of information security risk management by novice practitioners is studied by applying an analytical lens of security-related stress. Two organisations were targeted in the study using a case study approach to obtain data about their practices. The study identifies stressors and stress inhibitors in the ISRM process and the supporting ISRM tools and discusses the implications for practitioners. For example, a mismatch between security standards and how they are interpreted in practice has been identified. This mismatch was further found to be strengthened by the design of the used ISRM tools. Those design shortcomings hamper agility since they may enforce a specific workflow or may restrict documentation. The study concludes that security-related stress can provide additional insight into security-novice practitioners' ISRM challenges.
|
|
| 6. |
- Metalidou, Efthymia, et al.
(författare)
-
The Human Factor of Information Security : Unintentional Damage Perspective
- 2014
-
Ingår i: Procedia - Social and Behavioral Sciences. - : Elsevier. ; , s. 424-428
-
Konferensbidrag (refereegranskat)abstract
- It is widely acknowledged that employees of an organization are often a weak link in the protection of its information assets. Information security has not been given enough attention in the literature in terms of the human factor effect; researchers have called for more examination in this area. Human factors play a significant role in computer security. In this paper, we focus on the relationship of the human factor on information security presenting the human weaknesses that may lead to unintentional harm to the organization and discuss how information security awareness can be a major tool in overcoming these weaknesses. A framework for a field research is also presented in order to identify the human factors and the major attacks that threat computer security.
|
|
| 7. |
|
|
| 8. |
- Hedström, Karin, 1967-, et al.
(författare)
-
Value conflicts for information security management
- 2011
-
Ingår i: Journal of strategic information systems. - Amsterdam : Elsevier. - 0963-8687 .- 1873-1198. ; 20:4, s. 373-384
-
Tidskriftsartikel (refereegranskat)abstract
- A business’s information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model, which assumes that human behavior needs to be controlled and regulated. We propose a different theoretical model: the value-based compliance model, assuming that multiple forms of rationality are employed in organizational actions at one time, causing potential value conflicts. This has strong strategic implications for the management of information security. We believe health care situations can be better managed using the assumptions of a value-based compliance model.
|
|
| 9. |
- Iqbal, Sarfraz, et al.
(författare)
-
Towards a design theory for educational on-line information security laboratories
- 2012
-
Ingår i: Advances in Web-Based Learning - ICWL 2012. - Heidelberg : Encyclopedia of Global Archaeology/Springer Verlag. - 9783642336416 - 9783642336423 ; , s. 295-306
-
Konferensbidrag (refereegranskat)abstract
- Online learning for educating information security professionals has increased in popularity. The security curriculum and technology, as well as hands-on laboratory experiences implemented in information security labs, are important elements in an online education system for information security. We drew our motivation from an on-going information security lab development initiative in our own institution, and this paper aims to provide an integrated overview on reported instances of online hands-on education in information security. Our review contributes to the existing knowledge by using the anatomy of design theory framework as a basis for literature analysis, as this provides a common basis to examine theories about human-created information technology artifacts such as information security labs and how such knowledge has been communicated to academia. Our results show that none of the articles studied here puts forward a well-grounded and tested design theory for on-line information security laboratories. This hinders accumulation of knowledge in this area and makes it difficult for others to observe, test and adapt clear design principles for security laboratories and exercises.
|
|
| 10. |
- Karlsson, Martin, 1982-, et al.
(författare)
-
The effect of perceived organizational culture on employees’ information security compliance
- 2022
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 30:3, s. 382-401
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose: This paper aims to investigate the connection between different perceived organizational cultures and information security policy compliance among white-collar workers.Design/methodology/approach: The survey using the Organizational Culture Assessment Instrument was sent to white-collar workers in Sweden (n = 674), asking about compliance with information security policies. The survey instrument is an operationalization of the Competing Values Framework that distinguishes between four different types of organizational culture: clan, adhocracy,market and bureaucracy.Findings: The results indicate that organizational cultures with an internal focus are positively related to employees’ information security policy compliance. Differences in organizational culture with regards to control and flexibility seem to have less effect. The analysis shows that a bureaucratic form of organizational culture is most fruitful for fostering employees’ information security policy compliance.Research limitations/implications: The results suggest that differences in organizational culture are important for employees’ information security policy compliance. This justifies further investigating the mechanisms linking organizational culture to information security compliance.Practical implications: Practitioners should be aware that the different organizational cultures do matter for employees’ information security compliance. In businesses and the public sector, the authors see a development toward customer orientation and marketization, i.e. the opposite an internal focus, that may have negative ramifications for the information security of organizations.Originality/value: Few information security policy compliance studies exist on the consequences of different organizational/information cultures.
|
|
