| 1. |
-
Information Security : Foundations, technologies and applications
- 2018
-
Samlingsverk (redaktörskap) (refereegranskat)abstract
- The rapid advancements in telecommunications, computing hardware and software, and data encryption, and the widespread use of electronic data processing and electronic business conducted through the Internet have led to a strong increase in information security threats. The latest advances in information security have increased practical deployments and scalability across a wide range of applications to better secure and protect our information systems and the information stored, processed and transmitted. This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security. Information Security: Foundations, technologies and applications is a comprehensive review of cutting-edge algorithms, technologies, and applications, and provides new insights into a range of fundamentally important topics in the field. This up-to-date body of knowledge is essential reading for researchers and advanced students in information security, and for professionals in sectors where information security is required.
|
|
| 2. |
- Lundgren, Martin, et al.
(författare)
-
Security-related stress : A perspective on information security risk management
- 2019
-
Ingår i: 2019 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2019. - : IEEE. - 9781728102290 - 9781728102306
-
Konferensbidrag (refereegranskat)abstract
- In this study, the enactment of information security risk management by novice practitioners is studied by applying an analytical lens of security-related stress. Two organisations were targeted in the study using a case study approach to obtain data about their practices. The study identifies stressors and stress inhibitors in the ISRM process and the supporting ISRM tools and discusses the implications for practitioners. For example, a mismatch between security standards and how they are interpreted in practice has been identified. This mismatch was further found to be strengthened by the design of the used ISRM tools. Those design shortcomings hamper agility since they may enforce a specific workflow or may restrict documentation. The study concludes that security-related stress can provide additional insight into security-novice practitioners' ISRM challenges.
|
|
| 3. |
|
|
| 4. |
- Iqbal, Sarfraz, et al.
(författare)
-
Towards a design theory for educational on-line information security laboratories
- 2012
-
Ingår i: Advances in Web-Based Learning - ICWL 2012. - Heidelberg : Encyclopedia of Global Archaeology/Springer Verlag. - 9783642336416 - 9783642336423 ; , s. 295-306
-
Konferensbidrag (refereegranskat)abstract
- Online learning for educating information security professionals has increased in popularity. The security curriculum and technology, as well as hands-on laboratory experiences implemented in information security labs, are important elements in an online education system for information security. We drew our motivation from an on-going information security lab development initiative in our own institution, and this paper aims to provide an integrated overview on reported instances of online hands-on education in information security. Our review contributes to the existing knowledge by using the anatomy of design theory framework as a basis for literature analysis, as this provides a common basis to examine theories about human-created information technology artifacts such as information security labs and how such knowledge has been communicated to academia. Our results show that none of the articles studied here puts forward a well-grounded and tested design theory for on-line information security laboratories. This hinders accumulation of knowledge in this area and makes it difficult for others to observe, test and adapt clear design principles for security laboratories and exercises.
|
|
| 5. |
- Bergström, Erik, 1976-, et al.
(författare)
-
Stress Amongst Novice Information Security Risk Management Practitioners
- 2019
-
Ingår i: International Journal on Cyber Situational Awareness. - : Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRiC). - 2057-2182 .- 2057-2182. ; 4:1, s. 128-154
-
Tidskriftsartikel (refereegranskat)abstract
- Today, information is a key asset for many organisations. Reducing risks of information compromise is increasingly prioritised. However, there is an incomplete understanding of how organisations with limited security knowledge and experience manage information security risks in practice. Previous studies have suggested that security-novice employees faced with burdensome, complex, and ambiguous security requirements can experience security-related stress (SRS), and ultimately influence their security decisions. In this study, we further this research stream by suggesting that SRS can similarly be found with security-novice managers responsible for developing and practising information security risk management (ISRM). Two organisations were targeted in the study using a case study approach, to obtain data about their practices, using SRS as an analytical lens. The study found various examples where SRS influenced security-novice managers’ decisions, and identifies several stressors and stress inhibitors in the ISRM process and supporting ISRM tools, and discusses the implications for practitioners.
|
|
| 6. |
- Bergström, Erik, 1976-, et al.
(författare)
-
Revisiting information security risk management challenges : a practice perspective
- 2019
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 27:3, s. 358-372
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose – The study aims to revisit six previously defined challenges in information security risk management to provide insights into new challenges based on current practices.Design/methodology/approach – The study is based on an empirical study consisting of in-depth interviews with representatives from public sector organisations. The data were analysed by applying a practice-based view, i.e. the lens of knowing (or knowings). The results were validated by an expert panel.Findings – Managerial and organisational concerns that go beyond a technical perspective have been . found, which affect the ongoing social build-up of knowledge in everyday information security work.Research limitations/implications – The study has delimitation as it consists of data from four public sector organisations, i.e. statistical analyses have not been in focus, while implying a better understanding of what and why certain actions are practised in their security work.Practical implications – The new challenges that have been identified offer a refined set of actionable advice to practitioners, which, for example, can support cost-efficient decisions and avoid unnecessary security trade-offs.Originality/value – Information security is increasingly relevant for organisations, yet little is still known about how related risks are handled in practice. Recent studies have indicated a gap between the espoused and the actual actions. Insights from actual, situated enactment of practice can advise on process adaption and suggest more fit approaches.
|
|
| 7. |
- Harnesk, Dan, et al.
(författare)
-
Materializing organizational information security
- 2012
-
Ingår i: Nordic Contributions in IS Research. - Berlin, Heidelberg : Encyclopedia of Global Archaeology/Springer Verlag. - 9783642322693 - 9783642322709 ; , s. 76-94
-
Konferensbidrag (refereegranskat)abstract
- In the context of situated elderly care this paper discusses the intertwined relationship between organizational security objectives, technology, and employees' security behavior. We use findings from a single case study to aid in our understanding of how managers sought to create a secure work environment by introducing behavioral security technology, and how employees appreciated the new security software in everyday routines. Theoretically the case study is informed by sociomateriality in that it employs the notion of technological affordances of behavioral security technology. Findings show that security technology material is an integral part of security management and security in use, and that both the technical actor and human actors contributed to cultivation of the information security practice in the elderly care center
|
|
| 8. |
- Lundgren, Martin
(författare)
-
Rethinking capabilities in information security risk management : a systematic literature review
- 2020
-
Ingår i: International Journal of Risk Assessment and Management. - : InderScience Publishers. - 1466-8297 .- 1741-5241. ; 23:2, s. 169-190
-
Forskningsöversikt (refereegranskat)abstract
- Information security risk management capabilities have predominantly focused on instrumental onsets, while largely ignoring the underlying intentions and knowledge these management practices entail. This article aims to study what capabilities are embedded in information security risk management. A theoretical framework is proposed, namely rethinking capability as the alignment between intent and knowing. The framework is situated around four general risk management practices. A systematic literature review using the framework was conducted, resulting in the identification of eight identified capabilities. These capabilities were grouped into respective practices: integrating various perspectives and values to reach a risk perception aligned with the intended outcome (identify); adapting to varying perspectives of risks and prioritizing them in accordance with the intended outcome (prioritize); security controls to enable resources, and integrate/reconfigure beliefs held by various stakeholders (implement); and sustaining the integrated resources and competences held by stakeholders to continue the alignment with the intended outcome (monitor).
|
|
| 9. |
- Iqbal, Sarfraz, et al.
(författare)
-
Conceptual Model of Online Pedagogical Information Security Laboratory : Toward an Ensemble Artifact
- 2015
-
Ingår i: 2015 48th Hawaii International Conference on System Sciences (HICSS 2015). - Piscataway, NJ : IEEE Communications Society. - 9781479973675 ; , s. 43-52
-
Konferensbidrag (refereegranskat)abstract
- Distance education in information security has unique requirements in comparison to on-campus education. For instance, an online InfoSec lab is required to provide hands-on education to distance students while development and operation of a lab is a non-trivial problem. There is a need to understand the nature of the online InfoSec labs as ensemble artifacts, and just a black-box tool’s view is not enough. This article suggests a conceptual model to explain the ensemble view of the online InfoSec lab. In doing so, the paper makes two specific contributions: First, it conceptualizes the online Information Security (InfoSec) lab as an ensemble artifact so that we can unfold the black-box view of an InfoSec lab and understand the important building blocks (entities of the lab) and their interrelationships. Second, it suggests design principles to implement the conceptual model of an InfoSec lab.
|
|
| 10. |
- Hartikainen, Heidi
(författare)
-
Information security in hierarchical and ad-hoc emergency organizations : differences in communication challenges and training needs
- 2012
-
Ingår i: Norsk konferanse for organisasjoners bruk av informasjonsteknologi. - Trondheim : Tapir Akademisk Forlag. - 9788232101856 - 9788232101856 ; , s. 105-118
-
Konferensbidrag (refereegranskat)abstract
- In their work emergency actors need to be able to adapt to two kinds of different organizations: a) hierarchical organizations, where they reside in their own groups doing routine tasks, and b) ad-hoc organizations formed in emergencies where they have to work together with people from other organizations. This paper presents a case study done in the emergency organizations of one municipality in Finland, discussing the information security of both hierarchical and ad-hoc organizations including for example the communication challenges they face and their training level and needs. The main finding of this paper is something that is little, if at all, discussed in emergency response literature, that emergency actors value different aspects of information security depending on the on whether they work in hierarchical or ad-hoc organizations. When working in hierarchy the most important thing is confidentiality; keeping sensitive information safeguarded. But when responding to emergency the most important things are information availability and integrity; the right information must reach the right person at the right time.The findings also show that the current basic training of emergency actors and the training and guidelines of each organization largely concentrate on confidentiality issues. The tools and communications training that would be needed to ensure information availability and integrity in an adhoc organization is not prioritized. This is a problem concerning that most communication challenges present in emergency communications can be seen to arise in situations when emergency actors are working in ad-hoc organizations.To take into account the dual nature of emergency response work and the needs that it poses for training those responsible for information security training in emergency organizations must therefore improve their training to provide both up to date information security training and awareness building, but also tools and communications training that supports inter-organizational communication.
|
|
