
Result list for the search "information security"

  • Karlsson, Fredrik, 1974-, et al. (author)
  • Information security culture : state-of-the-art review between 2000 and 2013
  • 2015
  • In: Information and Computer Security. - : Emerald. - 2056-4961. ; 23:3, pp. 246-285
  • Journal article (peer-reviewed), abstract:
    • Purpose – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about. Design/methodology/approach – Results are based on a literature review of information security culture research published between 2000 and 2013 (December). Findings – This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical – lacking a structured use of empirical data – which means that it is quite immature. Research limitations/implications – Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lacking in existing research. Practical implications – Findings show that existing research is, to a large extent, descriptive, philosophical or theoretical. Hence, it is difficult for practitioners to adopt these research results, such as frameworks for cultivating or assessment tools, which have not been empirically validated. Originality/value – Few state-of-the-art reviews have sought to assess the maturity of existing research on information security culture. Findings on types of research methods used in information security culture research extend beyond the existing knowledge base, which allows for a critical discussion about existing research in this sub-discipline of information security.
  • Bergström, Erik, 1976- (author)
  • Supporting Information Security Management : Developing a Method for Information Classification
  • 2020
  • Doctoral thesis (other academic), abstract:
    • In the highly digitalised world in which we live today, information and information systems have become critical assets to organisations, and hence need to be safeguarded accordingly. In order to implement and work with information security in a structured way, an Information Security Management System (ISMS) can be implemented. Asset management is a central activity in ISMS that aims at identifying, assigning ownership and adding protection to information assets. One activity within asset management is information classification that has the objective to ensure that the information receives an appropriate level of protection in accordance with its importance to the organisation. Information classification is a well-known practice for all kinds of organisations, both in the private and public sector, and is included in different variants in standards such as ISO/IEC 27002, COBIT and NIST-SP800. However, information classification has received little attention from academia, and many organisations are struggling with the implementation. The reasons behind why it is problematic, and how to address such issues, are largely unknown. Furthermore, existing approaches, described in, for example, standards and national recommendations, do not provide a coherent and systematic approach to information classification. The short descriptions in standards, and literature alike, leave out essential aspects needed for many organisations to adopt and implement information classification. There is, for instance, a lack of detailed descriptions regarding (1) procedures and concepts, (2) how to tailor the approach for different situations, (3) a framework that structures and guides the classification, (4) what roles should be involved in the classification, and (5) how information with different granularity is handled. This thesis aims to increase the applicability of information classification by developing a method for information classification in ISMS that draws from established standards and practice. In order to address this aim, a Design Science Research (DSR) study was performed in three cycles. A wide range of data was collected, including a series of interviews with experts and novices on information classification, a survey, most of the Swedish public sector information classification policies, and observations. There are three main contributions made by this thesis: (1) the identification of issues and enablers for information classification, (2) the design principles underpinning the development of a method for information classification, and (3) the method for information classification itself. Contributions have also been made to the context around information classification, such as, for example, 20 practical suggestions for how to meet documented challenges in practice.
  • Kolkowska, Ella, et al. (author)
  • Analyzing information security goals
  • 2012
  • In: Threats, countermeasures, and advances in applied information security. - : IGI Global. - 9781466609785 ; , pp. 91-110
  • Book chapter (peer-reviewed)
  • Rocha Flores, Waldo (author)
  • Shaping information security behaviors related to social engineering attacks
  • 2016
  • Doctoral thesis (other academic), abstract:
    • Today, few companies would manage to continuously stay competitive without the proper utilization of information technology (IT). This has increased companies’ dependency on IT and created new threats that need to be addressed to mitigate risks to daily business operations. A large extent of these IT-related threats includes hackers attempting to gain unauthorized access to internal computer networks by exploiting vulnerabilities in the behaviors of employees. A common way to exploit human vulnerabilities is to deceive and manipulate employees through the use of social engineering. Although researchers have attempted to understand social engineering, there is a lack of empirical research capturing multilevel factors explaining what drives employees’ existing behaviors and how these behaviors can be improved. This is addressed in this thesis. The contribution of this thesis includes (i) an instrument to measure security behaviors and its multilevel determinants, (ii) identification of multilevel variables that significantly influence employees’ intent for behavior change, (iii) identification of what behavioral governance factors lay the foundation for behavior change, (iv) identification that national culture has a significant effect on how organizations cope with behavioral information security threats, and (v) a strategy to ensure adequate information security behaviors throughout an organization. This thesis is a composite thesis of eight papers. Paper 1 describes the instrument measuring multilevel determinants. Papers 2 and 3 describe how security knowledge is established in organizations, and the effect on employee information security awareness. In Paper 4 the root cause of employees’ intention to change their behaviors and resist social engineering is described. Papers 5 and 8 describe how the instrument to measure social engineering security behaviors was developed and validated through scenario-based surveys and phishing experiments. Papers 6 and 7 describe experiments performed to understand the reason why employees fall for social engineering. Finally, Papers 2, 5 and 6 examine the moderating effect of national culture.
  • Lundgren, Martin, et al. (author)
  • Security-related stress : A perspective on information security risk management
  • 2019
  • In: 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). - United Kingdom : IEEE. - 9781728102290 - 9781728102306 ; , pp. 273-280
  • Conference paper (peer-reviewed), abstract:
    • In this study, the enactment of information security risk management by novice practitioners is studied by applying an analytical lens of security-related stress. Two organisations were targeted in the study using a case study approach to obtain data about their practices. The study identifies stressors and stress inhibitors in the ISRM process and the supporting ISRM tools and discusses the implications for practitioners. For example, a mismatch between security standards and how they are interpreted in practice has been identified. This mismatch was further found to be strengthened by the design of the used ISRM tools. Those design shortcomings hamper agility since they may enforce a specific workflow or may restrict documentation. The study concludes that security-related stress can provide additional insight into security-novice practitioners' ISRM challenges. 
  • Lundgren, Björn, 1984-, et al. (author)
  • Defining Information Security
  • 2017
  • In: Science and Engineering Ethics. - : Springer. - 1353-3452 .- 1471-5546.
  • Journal article (peer-reviewed), abstract:
    • This article proposes a new definition of information security, the ‘Appropriate Access’ definition. Apart from providing the basic criteria for a definition—correct demarcation and meaning concerning the state of security—it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called ‘soft issues’ of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security—the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.
  • Rocha Flores, Waldo, et al. (author)
  • Information security knowledge sharing in organizations : Investigating the effect of behavioral information security governance and national culture
  • 2014
  • In: Computers & security (Print). - : Elsevier. - 0167-4048 .- 1872-6208. ; 43, pp. 90-110
  • Journal article (peer-reviewed), abstract:
    • This paper presents an empirical investigation on what behavioral information security governance factors drive the establishment of information security knowledge sharing in organizations. Data was collected from organizations located in different geographic regions of the world, and the amount of data collected from two countries – namely, USA and Sweden – allowed us to investigate if the effect of behavioral information security governance factors on the establishment of security knowledge sharing differs based on national culture. The study followed a mixed methods research design, wherein qualitative data was collected to both establish the study’s research model and develop a survey instrument that was distributed to 578 information security executives. The results suggest that processes to coordinate implemented security knowledge sharing mechanisms have a major direct influence on the establishment of security knowledge sharing in organizations; the effect of organizational structure (e.g., centralized security function to develop and deploy uniform firm-wide policies, and use of steering committees to facilitate information security planning) is slightly weaker, while business-based information security management has no significant direct effect on security knowledge sharing. A mediation analysis revealed that the reason for the non-significant direct relation between business-based information security management and security knowledge sharing is the fully mediating effect of coordinating information security processes. Thus, the results disentangle the interrelated influences of behavioral information security governance factors on security knowledge sharing by showing that information security governance sets the platform to establish security knowledge sharing, and coordinating processes realize the effect of both the structure of the information security function and the alignment of information security management with business needs. A multigroup analysis identified that national culture had a significant moderating effect on the association between four of the six proposed relations. In Sweden – which is seen as a less individualist, feminine country – managers tend to focus their efforts on implementing controls that are aligned with business activities and employees’ need; monitoring the effectiveness of the implemented controls, and assuring that the controls are not too obtrusive to the end user. On the contrary, US organizations establish security knowledge sharing in their organization through formal arrangements and structures. These results imply that Swedish managers perceive it to be important to involve, or at least know how their employees cope with the decisions that have been made, thus favoring local participation in information security management, while US managers may feel the need to have more central control when running their information security function. The findings suggest that national culture should be taken into consideration in future studies – in particular when investigating organizations operating in a global environment – and understand how it affects behaviors and decision-making.
  • Björck, Fredrik, 1972- (author)
  • Discovering Information Security Management
  • 2005
  • Doctoral thesis (other academic), abstract:
    • This thesis is concerned with issues relating to the management of information security in organisations, motivated by the need for cost-efficient information security. It is based on the assumption that: in order to achieve cost-efficient information security, the point of departure must be knowledge about the empirical reality in which the management of information security takes place. The data gathering instruments employed are questionnaires with open-ended questions and unstructured research interviews. The empirical material is analysed, and conclusions are drawn following the principles of Grounded Theory. Data sources are professionals in the area of information security management, including information security consultants (n=13), certification auditors (n=8), and information security managers (n=8). The main contributions are: an integrated model illustrating the experts’ perceptions concerning the objectives, actors, resources, threats, and countermeasures of information security management; a framework for the evaluation, formation, and implementation of information security management systems; a new approach for the evaluation of information security in organisations; a set of success factors concerning the formation of information security management systems; and a problem inventory concerning the value and assessment of information security education and training.
  • Karlsson, Fredrik, 1974-, et al. (author)
  • Inter-organisational information security : a systematic literature review
  • 2016
  • In: Information & Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 24:5, pp. 418-451
  • Journal article (peer-reviewed), abstract:
    • Purpose: The purpose of this paper is to survey existing inter-organisational information security research to scrutinise the kind of knowledge that is currently available and the way in which this knowledge has been brought about. Design/methodology/approach: The results are based on a literature review of inter-organisational information security research published between 1990 and 2014. Findings: The authors conclude that existing research has focused on a limited set of research topics. A majority of the research has focused on management issues, while employees’/non-staffs’ actual information security work in inter-organisational settings is an understudied area. In addition, the majority of the studies have used a subjective/argumentative method, and few studies combine theoretical work and empirical data. Research limitations/implications: The findings suggest that future research should address a broader set of research topics, focusing especially on employees/non-staff and their use of processes and technology in inter-organisational settings, as well as on cultural aspects, which are lacking currently; focus more on theory generation or theory testing to increase the maturity of this sub-field; and use a broader set of research methods. Practical implications: The authors conclude that existing research is to a large extent descriptive, philosophical or theoretical. Thus, it is difficult for practitioners to adopt existing research results, such as governance frameworks, which have not been empirically validated. Originality/value: Few systematic reviews have assessed the maturity of existing inter-organisational information security research. Findings of authors on research topics, maturity and research methods extend beyond the existing knowledge base, which allow for a critical discussion about existing research in this sub-field of information security.