| 1. |
- Björck, Fredrik, 1972-
(författare)
-
Discovering Information Security Management
- 2005
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- This thesis is concerned with issues relating to the management of information security in organisations, motivated by the need for cost-efficient information security.It is based on the assumption that: in order to achieve cost-efficient information security, the point of departure must be knowledge about the empirical reality in which the management of information security takes place.The data gathering instruments employed are questionnaires with open-ended questions and unstructured research interviews. The empirical material is analysed, and conclusions are drawn following the principles of Grounded Theory. Data sources are professionals in the area of information security management, including information security consultants (n=13), certification auditors (n=8), and information security managers (n=8).The main contributions are: an integrated model illustrating the experts’ perceptions concerning the objectives, actors, resources, threats, and countermeasures of information security management; a framework for the evaluation, formation, and implementation of information security management systems; a new approach for the evaluation of information security in organisations; a set of success factors concerning the formation of information security management systems; and a problem inventory concerning the value and assessment of information security education and training.
|
|
| 2. |
- Kowalski, Stewart, et al.
(författare)
-
Information Security Metrics: Research Directions
- 2011
-
Konferensbidrag (refereegranskat)abstract
- This paper is largely based on a state of the art report covering the information security (IS) metrics area produced as part of the Controlled Information Security (COINS) research project funded by the Swedish Civil Contingencies Agency (MSB) and the comprehensive literature review conducted while compiling the report. The report's findings are summarized and some of the key issues discovered in the course of the literature review are reflected upon. Additionally, the paper describes a conceptual systemic scheme/model for the research process, while explaining its relevance to the subject area, that may help with resolution of the outlined issues in future research in the area. The paper is written principally with a management/governance (rather than engineering) perspective in mind
|
|
| 3. |
|
|
| 4. |
- Gebremeskel, Bemenet Kasahun, et al.
(författare)
-
Information Security Challenges During Digital Transformation
- 2023
-
Ingår i: Procedia Computer Science. - : Elsevier BV. - 1877-0509. ; 219, s. 44-51
-
Tidskriftsartikel (refereegranskat)abstract
- Since the proliferation of information technology (IT) into business processes, organisations have grown to rely on a large amount of data to improve their products and services and create added value. This development has made information the most valuable asset for any organisation, which, in turn, has made information security a primary concern for leaders. Despite the tremendous potential of digital transformation, prior empirical studies indicate that information security challenges must be overcome to realise the anticipated benefits. Analysing the data collected from 14 leaders through semi-structured interviews, this study identified six information security challenges facing organisations undertaking digital transformation—financial constraints, risk of security breaches, reduced productivity, reduced access and control over information, lack of expertise, and dynamic security management needs. Propositions, as well as the implication of the findings for research and practice, are discussed.
|
|
| 5. |
|
|
| 6. |
- Kowalski, Stewart, et al.
(författare)
-
Modelling Static and Dynamic Aspects of Security: : A Socio-Technical View on Information Security Metrics
- 2011
-
Ingår i: he 12th International Symposium on Models and Modeling Methodologies in Science and Engineering: MMMse 2011. - 9781936338221
-
Konferensbidrag (refereegranskat)abstract
- Managing something that is not measured is difficult to near impossible and information security is not an exception. In the recent years, this has become increasingly apparent. Noticeable progress has been made in advancing the areas of information security measurement and reporting. However, a number of challenges and gaps still remain, and the existing paradigms meant to address them are not without limitations. In this paper, we suggestsa socio-technical model that was previously used to model USA's national computer security policy as a model that can be applied to the information security metrics area. The model can provide a unifying, holistic view on the area, illustrating interrelationships and gaps between various efforts at different abstraction levels. The proposed model can be mapped to some of the existing paradigms and, possibly, help address some of their individual limitations by offering a more unified perspective
|
|
| 7. |
- Adetona, Temitayo Eniola, et al.
(författare)
-
Matching Information Security Management with Organisational Agility
- 2024
-
Ingår i: AMCIS 2024 Proceedings. - : Association for Information Systems (AIS).
-
Konferensbidrag (refereegranskat)abstract
- Today's organisations are expected to embrace organisational agility—the ability not only to foresee opportunities and risks but also to swiftly respond appropriately. To this end, the significance of emerging information technologies (IT) in enabling organisational agility is recognised. Thus, maintaining the security of IT and related resources (i.e., information security management) has become critical for modern organisations. However, the relationship between organisational agility and information security management has not attracted sufficient attention among researchers. To address the gap in the literature, this case study explores information security challenges organisations face, as well as IT security management practices while maintaining organisational agility. The thematic analysis of the study conducted in Nigeria, based on interviews with information security experts, revealed eighteen measures that can be used to manage information security without compromising organisational agility. We argue that the measures identified will be invaluable for organisations, particularly in the finance sector.
|
|
| 8. |
- Jonathan, Gideon Mekonnen, et al.
(författare)
-
Information Security and Organisational Agility in the Digital Era : Exploring the Role of IT Alignment
- 2020
-
Ingår i: 2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON). - : IEEE. - 9781728184173 - 9781728184166 ; , s. 0831-0836
-
Konferensbidrag (refereegranskat)abstract
- Even though the private and commercial organisations have been at the forefront of the digital transformation journey, many public organisations have also joined the club anticipating the myriads of opportunities. For the most part, studies indicate that digital transformation provides the means to adopt new forms of communications enabling better collaborations and innovations where customers, suppliers, collaborators and partners come together utilising emerging technologies. In public organisational settings, digital transformation was found to be invaluable as it improves transparency and accountability, enabling the participation of various stakeholders in public decision making. However, the challenges of realising the anticipated success from digital transformation have also been recognised in the literature. The issue of IT alignment has been brought to the fore owing to the relationship it has with various organisational as well as managerial factors with implication on digital transformation success. This paper presents a research-in-progress investigating the influence of IT alignment and its antecedents on organisational agility, information security and digital transformation.
|
|
| 9. |
- Åhlfeldt, Rose-Mharie
(författare)
-
Information Security in Distributed Healthcare : Exploring the Needs for Achieving Patient Safety and Patient Privacy
- 2008
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.This thesis is focused on information security in healthcare when patient information has to be managed and communicated between various healthcare actors and organizations. The work takes a practical approach with a set of investigations from different perspectives and with different professionals involved. Problems and needs have been identified, and a set of guidelines and recommendations has been suggested and developed in order to improve patient safety as well as patient privacy.The results show that a comprehensive view of the entire area concerning patient information management between different healthcare actors is missing. Healthcare, as well as patient processes, have to be analyzed in order to gather knowledge needed for secure patient information management.Furthermore, the results clearly show that there are deficiencies both at the technical and the administrative level of security in all investigated healthcare organizations.The main contribution areas are: an increased understanding of information security by elaborating on the administrative part of information security, the identification of information security problems and needs in cross border healthcare, and a set of guidelines and recommendations in order to advance information security measures in healthcare.
|
|
| 10. |
- Filipidis, Adam, et al.
(författare)
-
Enhancing information security awareness programs through collaborative learning
- 2022
-
Ingår i: Proceedings of the 16th European Conference on Games Based Learning. - : Springer. - 9781914587528
-
Konferensbidrag (refereegranskat)abstract
- Information security attacks targeting human nature, such as phishing, are rising rapidly. Information security Awareness (ISA) programs have been proven to be valuable proactive measures that increase Return On Investment (ROI) regarding information security enhancement. These programs tend to focus on concepts and technical aspects. Although these customary instruction methodologies have their preferences, trainees can additionally take advantage of educational techniques that are more intuitive and situation driven. This study aims to increase the efficiency of learning in such programmes by using design science to create an artefact for learning and then testing the acquired knowledge. Design science will be used as a research method. The creative method, a brainstorming technique, and five steps in design science are performed: explicate the problem, define requirements, design and develop artefact, demonstrate artefact, and evaluate artefact to develop a process framework to respond to this problem. The problem is explicated with a literature review and the requirements to be met by Game-Based Learning (GBL) are set. The first artefact, which is an interactive book support quizzes, crossword puzzles, multimedia such as video, and “complete the word” simple games that enhance the learning process. The second artefact is a printed board game with hackers and cards with the goal to support the learning process and assess the ability of the participants to respond and take actions based on this new knowledge. At last, limitations that exist in security education such as lack of user-centered modules and limited guidelines from learning theories are elaborated and future work is also presented.
|
|
