SwePub
Sök i SwePub databas

  Utökad sökning

Träfflista för sökning ""information security" "

Utökad sökning > "information security"

  • Resultat 21-30 av 556
Sortera/gruppera träfflistan
   
NumreringReferensOmslagsbildHitta
21.
  • Lundgren, Björn, 1984- (författare)
  • Information, Security, Privacy, and Anonymity : Definitional and Conceptual Issues
  • 2018
  • Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
    • This doctoral thesis consists of five research papers that address four tangential topics, all of which are relevant for the challenges we are facing in our socio-technical society: information, security, privacy, and anonymity. All topics are approached by similar methods, i.e. with a concern about conceptual and definitional issues. In Paper I—concerning the concept of information and a semantic conception thereof—it is argued that the veridicality thesis (i.e. that information must be true or truthful) is false. In Paper II—concerning information security—it is argued that the current leading definitions suffer from counter-examples, and lack an appropriate conceptual sense. Based on this criticism a new kind of definition is proposed and defended.  In Paper III—concerning control definitions of privacy—it is argued that any sensible control-definition of privacy must properly recognize the context as part of the defining criteria. In Paper IV—concerning the concept of privacy—it is argued that privacy is a normative concept and that it is constituted by our social relations. Final, in Paper V—concerning anonymity—it is argued that the threat from deanonymization technology goes beyond harm to anonymity. It is argued that a person who never is deanonymized can still be harmed and what is at stake is an ability to be anonymous.
  •  
22.
  • Åhlfeldt, Rose-Mharie (författare)
  • Information Security in Home Healthcare : A Case Study
  • 2002
  • Ingår i: Conference Proceedings of AiCE2002, Sydney, September 30th, 2002: Third Australian Institute of Computer Ethics Conference. - Geelong : School of Information Technology, Deakin University. - 0730025608 ; , s. 6-15
  • Konferensbidrag (refereegranskat)
  •  
23.
  • Metalidou, Efthymia, et al. (författare)
  • Human factor and information security in higher education
  • 2014
  • Ingår i: Journal of Systems and Information Technology. - : Emerald Group Publishing Limited. - 1328-7265 .- 1758-8847. ; 16:3, s. 210-221
  • Tidskriftsartikel (refereegranskat)abstract
    • Purpose – This paper investigates the association of Lack of Awareness and human factors, and the association of Lack of Awareness and significant attacks that threat computer security in Higher Education.Design/methodology/approach – Five human factors and nine attacks are considered, in order to investigate their relationship. A field research is conducted on Greek employees in Higher Education in order to identify the human factors that affect information security. The sample is consisted of 103 employees that use computers at work. Pearson correlation analysis between Lack of Awareness and nine (9) computer security risks is performed.Findings – Examining the association of Lack of Awareness with these attacks that threat the security of computers, all nine factors of important attacks exert significant and positive effect, apart from Phishing. Considering the relationship of Lack of Awareness to human factors, all five human factors used are significantly and positively correlated with Lack of Awareness. Moreover, all nine important attacks, apart from one, exert a significant and positive effect.Research limitations/implications – The paper extends understanding of the relationship of the human factors, the Lack of Awareness, and information security. The study has focused on employees of the Technological Educational Institute (TEI) of Athens, namely teachers, administrators, and working post-graduate students.Originality/value – The paper has used weighted factors based on data collection in Higher Education to calculate a global index for Lack of Awareness, as the result of the weighted aggregation of nine (9) risks, and extends the analysis performed in the literature to evaluate the effectiveness of Security Awareness in Computer Risk Management.
  •  
24.
  • Brodin, Martin (författare)
  • Managing information security for mobile devices in small and medium-sized enterprises : Information management, Information security management, mobile device
  • 2020
  • Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
    • The rapid proliferation of mobile devices makes mobile security a weak point in many organisations’ security management. Though there are a number of frameworks and methods available for improving security management, few of these target mobile devices, and most are designed for large organisations. Small and medium size organisations are known to be vulnerable to mobile threats, and often subject to the same legal requirements as larger organisations. However, they typically lack the resources and specialist competences necessary to use the available frameworks.This thesis describes an Action Design Research project to devise and test a low cost, low learning curve method for improving mobile security management. The project is conducted together with a small Swedish consulting company and evaluated in several other companies. In order to solve the challenge that SMEs faces; three objectives have been set:1. Identify existing solutions at a strategic level to managing information that is accessible with mobile devices and their suitability for SMEs.2. Develop a framework to support SMEs to manage information in a secure way on mobile devices.3. Evaluate the framework in practice.The results show that simple theoretical models can be integrated with well-known analysis techniques to inform managers and provide practical help for small companies to improve mobile security practice. The most important contribution to both science and practice is a structured approach for managers to deal with mobile devices, or for that matter other technology advances that do not fit into the existing management system. The journey to the final solution also produced several smaller contributions to science, for example insights from C-suites about strategies and work with mobile devices, differences and similarities between CYOD (choose your own device) and BYOD (bring your own device), the role of security policies in organisations, and twelve identified management issues with mobile devices.
  •  
25.
  • Kajtazi, Miranda, 1983-, et al. (författare)
  • Information Security Policy Compliance : An Empirical Study on Escalation of Commitment
  • 2013
  • Ingår i: 19th Americas Conference on Information Systems (AMCIS 2013). - Red Hook, N.Y. : Curran Associates, Inc.. - 9781629933948 ; , s. 2011-2020
  • Konferensbidrag (refereegranskat)abstract
    • This study aims to facilitate a new understanding on employees’ attitude towards compliance with the requirements of their information security policy (ISPs) through the lens of escalation. Escalation presents a situation in which employees must decide whether to persist in or withdraw from a non-performing task. Drawing on the Theory of Planned Behavior (TPB) and Agency Theory, our model delineates three mediating factors in explaining attitude: work impediment, information asymmetry, and safety of resources. We also propose information security awareness as an independent variable having an indirect effect on attitude through mediating factors. The proposed model is tested using the data collected from 376 employees working in the banking industry. The results of the PLS analyses show that while information asymmetry and safety of resources have significant impacts on attitude, work impediment does not. The results also show that ISA has significant impact on all three mediating factors.
  •  
26.
  • Karlsson, Martin, 1982-, et al. (författare)
  • The effect of perceived organizational culture on employees’ information security compliance
  • 2022
  • Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 30:3, s. 382-401
  • Tidskriftsartikel (refereegranskat)abstract
    • Purpose: This paper aims to investigate the connection between different perceived organizational cultures and information security policy compliance among white-collar workers.Design/methodology/approach: The survey using the Organizational Culture Assessment Instrument was sent to white-collar workers in Sweden (n = 674), asking about compliance with information security policies. The survey instrument is an operationalization of the Competing Values Framework that distinguishes between four different types of organizational culture: clan, adhocracy,market and bureaucracy.Findings: The results indicate that organizational cultures with an internal focus are positively related to employees’ information security policy compliance. Differences in organizational culture with regards to control and flexibility seem to have less effect. The analysis shows that a bureaucratic form of organizational culture is most fruitful for fostering employees’ information security policy compliance.Research limitations/implications: The results suggest that differences in organizational culture are important for employees’ information security policy compliance. This justifies further investigating the mechanisms linking organizational culture to information security compliance.Practical implications: Practitioners should be aware that the different organizational cultures do matter for employees’ information security compliance. In businesses and the public sector, the authors see a development toward customer orientation and marketization, i.e. the opposite an internal focus, that may have negative ramifications for the information security of organizations.Originality/value: Few information security policy compliance studies exist on the consequences of different organizational/information cultures.
  •  
27.
  • Bergström, Erik, 1976-, et al. (författare)
  • Stress Amongst Novice Information Security Risk Management Practitioners
  • 2019
  • Ingår i: International Journal on Cyber Situational Awareness. - : Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRiC). - 2057-2182 .- 2057-2182. ; 4:1, s. 128-154
  • Tidskriftsartikel (refereegranskat)abstract
    • Today, information is a key asset for many organisations. Reducing risks of information compromise is increasingly prioritised. However, there is an incomplete understanding of how organisations with limited security knowledge and experience manage information security risks in practice. Previous studies have suggested that security-novice employees faced with burdensome, complex, and ambiguous security requirements can experience security-related stress (SRS), and ultimately influence their security decisions. In this study, we further this research stream by suggesting that SRS can similarly be found with security-novice managers responsible for developing and practising information security risk management (ISRM). Two organisations were targeted in the study using a case study approach, to obtain data about their practices, using SRS as an analytical lens. The study found various examples where SRS influenced security-novice managers’ decisions, and identifies several stressors and stress inhibitors in the ISRM process and supporting ISRM tools, and discusses the implications for practitioners.
  •  
28.
  • Johansson, Erik, et al. (författare)
  • Assessment of Enterprise Information Security : The Importance of Prioritization
  • 2005
  • Ingår i: Ninth IEEE International EDOC Enterprise Computing Conference, Proceedings. - 0769524419 ; , s. 207-218
  • Konferensbidrag (refereegranskat)abstract
    • Assessing the level of information, security in an enterprise is a serious challenge for many organizations. This paper considers the prioritization of the field of enterprise information security. The paper thus considers how we may know what parts Of information security are important for a company to address and what parts are not. Two methods for prioritization are used. The results demonstrate to what extent different standards committees, guideline authors and expert groups differ in their opinions on what the important issues are in enterprise information security. The ISOJEC 17799, the NIST SP 800-26, the ISF standards committees, the CMU/SEI OCTAVE framework authors and an expert panel at the Swedish Information Processing Society (DFS) are considered. The differences in prioritization have important consequences on enterprise information security assessments. The effects on the information security assessment results in a European energy company are presented in the paper.
  •  
29.
  • Andersson, Annika, 1968-, et al. (författare)
  • “Standardizing information security – a structurational analysis”
  • 2022
  • Ingår i: Information & Management. - : Elsevier. - 0378-7206 .- 1872-7530. ; 59:3
  • Tidskriftsartikel (refereegranskat)abstract
    • Given that there are an increasing number of information security breaches, organizations are being driven to adopt best practice for coping with attacks. Information security standards are designed to embody best practice and the legitimacy of these standards is a core issue for standardizing organizations. This study uncovers how structures at play in de jure standard development affect the input and throughput legitimacy of standards. We participated as members responsible for standards on information security and our analysis revealed two structures: consensus and warfare. A major implication of the combination of these structures is that legitimacy claims based on appeals to best practice are futile because it is difficult to know which the best practice is.
  •  
30.
  • Johansson, Erik, 1967- (författare)
  • Assessment of Enterprise Information Security : How to make it Credible and Efficient
  • 2005
  • Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
    • Information is an important business asset in today’s enterprises. Hence enterprise information security is an important system quality that must be carefully managed. Although enterprise information security is acknowledged as one of the most central areas for enterprise IT management, the topic still lacks adequate support for decision making on top-management level. This composite thesis consists of four articles which presents the Enterprise Information Security Assessment Method (EISAM), a comprehensive method for assessing the current state of the enterprise information security. The method is useful in helping guide top-management’s decision-making because of the following reasons: 1) it is easy to understand, 2) it is prescriptive, 3) it is credible, and 4) it is efficient. The assessment result is easy to understand because it presents a quantitative estimate. The result can be presented as an aggregated single value, abstracting the details of the assessment. The result is easy to grasp and enables comparisons both within the organization and in terms of industry in general. The method is prescriptive since it delivers concrete and traceable measurements. This helps guide top-level management in their decisions regarding enterprise-wide information security by highlighting the areas where improvements efforts are essential. It is credible for two reasons. Firstly, the method presents an explicit and transparent definition of enterprise information security. Secondly, the method in itself includes an indication of assessment uncertainty, expressed in terms of confidence levels. The method is efficient because it focuses on important enterprise information security aspects, and because it takes into account how difficult it is to find security related evidence. Being resource sparse it enables assessments to take place regularly, which gives valuable knowledge for long-term decision-making. The usefulness of the presented method, along with its development, has been verified through empirical studies at a leading electric power company in Europe and through statistical surveys carried out among information security experts in Sweden. The success from this research should encourage further researcher in using these analysis techniques to guide decisions on other enterprise architecture attributes.
  •  
Skapa referenser, mejla, bekava och länka
  • Resultat 21-30 av 556
Typ av publikation
konferensbidrag (240)
tidskriftsartikel (182)
doktorsavhandling (37)
bokkapitel (27)
annan publikation (17)
licentiatavhandling (17)
visa fler...
rapport (14)
forskningsöversikt (11)
bok (5)
proceedings (redaktörskap) (4)
samlingsverk (redaktörskap) (2)
visa färre...
Typ av innehåll
refereegranskat (430)
övrigt vetenskapligt/konstnärligt (109)
populärvet., debatt m.m. (17)
Författare/redaktör
Yngström, Louise (29)
Karlsson, Fredrik, 1 ... (28)
Kowalski, Stewart (27)
Kävrestad, Joakim, 1 ... (23)
Åhlfeldt, Rose-Mhari ... (23)
Nohlberg, Marcus, 19 ... (21)
visa fler...
Ekstedt, Mathias (19)
Harnesk, Dan (19)
Hedström, Karin, 196 ... (18)
Rocha Flores, Waldo (16)
Lindström, John (15)
Bergström, Erik, 197 ... (14)
Kolkowska, Ella, 197 ... (14)
Johnson, Pontus (13)
Lundgren, Martin (12)
Awad, Ali Ismail (11)
Magnusson, Lars, 195 ... (11)
Söderström, Eva (9)
Kolkowska, Ella (9)
Torra, Vicenç (8)
Sandkuhl, Kurt, 1963 ... (8)
Holm, Hannes (8)
Gao, Shang, 1982- (8)
Åhlfeldt, Rose-Mhari ... (8)
Iqbal, Sarfraz, 1979 ... (8)
Johansson, Erik (7)
Nohlberg, Marcus (7)
Fischer-Hübner, Simo ... (7)
Brodin, Martin (7)
Päivärinta, Tero (7)
Kajtazi, Miranda, 19 ... (7)
Monfelt, Yngve (7)
Abbas, Haider (6)
Magnusson, Christer (6)
Hemani, Ahmed (6)
Ericson, Åsa (6)
Lagerström, Robert (6)
Sommestad, Teodor (6)
Dhillon, Gurpreet (6)
Karlsson, Martin, 19 ... (5)
Sabelfeld, Andrei, 1 ... (5)
Boldt, Martin (5)
Islam, M. Sirajul, 1 ... (5)
Russo, Alejandro, 19 ... (5)
Hallberg, Jonas (5)
Thapa, Devinder (5)
Törner, Marianne, 19 ... (5)
Brandt, Patrik (5)
Fritsch, Lothar, 197 ... (5)
Lugnet, Johan, 1983- (5)
visa färre...
Lärosäte
Luleå tekniska universitet (88)
Högskolan i Skövde (88)
Kungliga Tekniska Högskolan (80)
Stockholms universitet (63)
Örebro universitet (61)
Jönköping University (45)
visa fler...
Linköpings universitet (39)
Linnéuniversitetet (32)
Karlstads universitet (21)
Blekinge Tekniska Högskola (21)
Lunds universitet (20)
Chalmers tekniska högskola (18)
Uppsala universitet (15)
Göteborgs universitet (14)
Mittuniversitetet (13)
RISE (7)
Mälardalens universitet (6)
Malmö universitet (5)
Högskolan Kristianstad (3)
Södertörns högskola (3)
Försvarshögskolan (3)
Umeå universitet (2)
Högskolan i Halmstad (2)
Högskolan Väst (2)
Högskolan Dalarna (2)
VTI - Statens väg- och transportforskningsinstitut (2)
Handelshögskolan i Stockholm (1)
Högskolan i Borås (1)
Karolinska Institutet (1)
visa färre...
Språk
Engelska (542)
Svenska (13)
Italienska (1)
Forskningsämne (UKÄ/SCB)
Naturvetenskap (315)
Samhällsvetenskap (161)
Teknik (110)
Medicin och hälsovetenskap (11)
Humaniora (5)

År

Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.

 
pil uppåt Stäng

Kopiera och spara länken för att återkomma till aktuell vy