Sökning: id:"swepub:oai:DiVA.org:ltu-75129" >
Revisiting informat...
Revisiting information security risk management challenges : a practice perspective
-
- Bergström, Erik, 1976- (författare)
- Högskolan i Skövde,Institutionen för informationsteknologi,Forskningscentrum för Informationsteknologi,Informationssystem (IS), Information Systems
-
- Lundgren, Martin (författare)
- Luleå tekniska universitet,Digitala tjänster och system,Department of Computer Science, Information Systems, Luleå University of Technology, Luleå, Sweden
-
- Ericson, Åsa (författare)
- Luleå tekniska universitet,Digitala tjänster och system,Department of Computer Science, Information Systems, Luleå University of Technology, Luleå, Sweden
-
(creator_code:org_t)
- Emerald Group Publishing Limited, 2019
- 2019
- Engelska.
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 27:3, s. 358-372
- Relaterad länk:
-
https://urn.kb.se/re...
-
visa fler...
-
https://doi.org/10.1...
-
https://urn.kb.se/re...
-
https://urn.kb.se/re...
-
visa färre...
Abstract
Ämnesord
Stäng
- Purpose – The study aims to revisit six previously defined challenges in information security risk management to provide insights into new challenges based on current practices.Design/methodology/approach – The study is based on an empirical study consisting of in-depth interviews with representatives from public sector organisations. The data were analysed by applying a practice-based view, i.e. the lens of knowing (or knowings). The results were validated by an expert panel.Findings – Managerial and organisational concerns that go beyond a technical perspective have been . found, which affect the ongoing social build-up of knowledge in everyday information security work.Research limitations/implications – The study has delimitation as it consists of data from four public sector organisations, i.e. statistical analyses have not been in focus, while implying a better understanding of what and why certain actions are practised in their security work.Practical implications – The new challenges that have been identified offer a refined set of actionable advice to practitioners, which, for example, can support cost-efficient decisions and avoid unnecessary security trade-offs.Originality/value – Information security is increasingly relevant for organisations, yet little is still known about how related risks are handled in practice. Recent studies have indicated a gap between the espoused and the actual actions. Insights from actual, situated enactment of practice can advise on process adaption and suggest more fit approaches.
Ämnesord
- SAMHÄLLSVETENSKAP -- Medie- och kommunikationsvetenskap -- Systemvetenskap, informationssystem och informatik med samhällsvetenskaplig inriktning (hsv//swe)
- SOCIAL SCIENCES -- Media and Communications -- Information Systems, Social aspects (hsv//eng)
Nyckelord
- Asset valuation
- Information security
- Practice theory
- Risk management
- Information systems
- Informationssystem
- Centrumbildning - Centrum för säkerhet i samhälle och kritiska infrastrukturer (CISS)
- Centre - Centre for Critical Infrastructure and Societal Security (CISS)
- Information Systems
Publikations- och innehållstyp
- ref (ämneskategori)
- art (ämneskategori)
Hitta via bibliotek
Till lärosätets databas