| 1. |
- Brandt, Patrik, et al.
(författare)
-
Informatisk forskning om riskanalysprocess applicerad på Apoteket AB:s kundcenterverksamhet
- 2004
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- English summary This licentiate paper describes a study of how the introduction of Customer Care Centres into The Corporation of Swedish Pharmacies affects its work on risk analysis. The two Customer Care Centres in operation today function as central nodes to which calls are connected that before were usually answered by one of the country’s 900 pharmacies. In addition the Customer Care Centres can offer extra channels of communication such as fax, e-mail and the Internet via The Corporation of Swedish Pharmacies’ home page, to increase access for customers and other interested parties as well as to meet the demand for different ways of obtaining information in today’s information age. The integration with The Corporation of Swedish Pharmacies’ other systems offers a rapid answering service and allows customers to accomplish the greater part of their errands themselves. What is easily overlooked, however, is how information security is affected by the introduction of Customer Care Centres and the accompanying integration and especially the dangers and risks that threaten the organisation and indirectly even the customers. A valuable tool that is used in information security, to try to foresee as well as to narrow down as many of the threats as possible, is risk analysis. Today one has begun to see an increased awareness in the general public of the risks and threats related to, amongst other things, the Internet regarding its use by both individuals and commercial and other organisations. As a result firms and organisations have realized the importance of pursuing an active security policy in order to provide an appropriate level of security. It is very important that customers have the same confidence in the firm’s or organisation’s trademark as before, irrespective of organisational or technological changes that have taken place internally. An important part of the process to achieve this, is risk analysis and the results it produces. In this study we have drawn attention to the need of adapting the risk analysis, used in the organisation, to the new Customer Care Centres. This need is great, especially since the communication channels are of different kinds. This results in their respective threats being different. Therefore this broad spectrum of threats must be highlighted in risk analysis and the work with it. Developments in the surrounding environment should also be reflected in risk analysis which accordingly needs to be dynamic. In this study we have attached great importance to the placing of risk analysis in a holistic context.
|
|
| 2. |
- Brandt, Patrik, et al.
(författare)
-
System thinking on Risk Analysis
- 2004
-
Ingår i: SABI 2004: Business Systems -- Environmental Contexts.
-
Konferensbidrag (refereegranskat)abstract
- The word risk originates from the Italian word risicare which means to dare and from this point of view, risk is more of a choice than a fate. Risk is about the actions that we dare to take and these in turn depend on the freedom we have to make choices (Bernstein, 1998). It can also be defined as the possibility of harm or loss to any resource within an information system, which accentuate the importance of identifying the organisation's assets (Ramachandran, 2002).The obvious fact that information is one of the most important asset within a company, results in that it is necessary to try to predict the risks that exists against these and consequently also against the organisation's goals and visions. It is impossible to identify all potential risks but a very good tool for identifying as many as possible and then assigning them appropriate protective measures, is the risk analysis.Since many significant security processes are built upon risk analysis and also security planning, it is necessary that the analysis is accomplished in an accurate way. This meaning that factors in the inner and outer surrounding environment that could affect the final result also must be taken into consideration, e.g. different communication channels. Thus, a holistic perspective is necessary when performing a risk analysis but also when working with security issues in general.Today, security solutions are often focused on technology and not on the system as a whole (Schneier, 2000) and considering that development and use of technology has lead us to think in terms of systems, we mean that this should hold for the information security area as well. Also the fact that the concept of wholeness is very important in information security and that general system theory is a general science of wholeness (v. Bertalanffy, 1969), makes us wonder: what could be more suitable to apply on security issues?For that reason, we present some ideas for a modified risk analysis method in this paper, based upon an existing risk analysis used by the case study object The Corporation of Swedish Pharmacies, Apoteket AB. They has recently added two customer care centres to its organisation and as a result of this, also a number of communication channels that are integrated with different information sources that contains classified information, e.g. personal particulars. The ideas of a modified risk analysis could be used by customer care centre organisations using several communication channels. These ideas are influenced by general systems theory that has been combined with a method used to analyse information flows in organisations. We have studied the company's existing risk analysis method and in combination with qualitative data, e.g. interviews, we have some suggestions of a risk analysis that emphasises the holistic perspective and the relations between the different entities in the overall information system.The suggested ideas will be reviewed together with the department of IT-security at Apoteket AB and after that tested within the organisation. It is noticeable that like all work with information security, the suggested method is a cyclic process that constantly develops and undergoes changes in relation to its dynamic context. Results and feedback from this implementation will be presented in forthcoming papers during 2004.
|
|
