| 31. |
- Gebremeskel, Bemenet Kasahun, et al.
(författare)
-
Information Security Challenges During Digital Transformation
- 2023
-
Ingår i: Procedia Computer Science. - : Elsevier BV. - 1877-0509. ; 219, s. 44-51
-
Tidskriftsartikel (refereegranskat)abstract
- Since the proliferation of information technology (IT) into business processes, organisations have grown to rely on a large amount of data to improve their products and services and create added value. This development has made information the most valuable asset for any organisation, which, in turn, has made information security a primary concern for leaders. Despite the tremendous potential of digital transformation, prior empirical studies indicate that information security challenges must be overcome to realise the anticipated benefits. Analysing the data collected from 14 leaders through semi-structured interviews, this study identified six information security challenges facing organisations undertaking digital transformation—financial constraints, risk of security breaches, reduced productivity, reduced access and control over information, lack of expertise, and dynamic security management needs. Propositions, as well as the implication of the findings for research and practice, are discussed.
|
|
| 32. |
- Johansson, Erik, et al.
(författare)
-
Assessment of Enterprise Information Security : The Importance of Information Search Cost
- 2006
-
Ingår i: Proceedings of the Annual Hawaii International Conference on System Sciences. - 1530-1605. ; 9, s. 219a-
-
Tidskriftsartikel (refereegranskat)abstract
- There are today several methods and standards available for assessment of the level of information security in an enterprise. A problem with these assessment methods is that they neither provide an indication of the amount of effort required to obtain the assessment nor an approximation of this measure's credibility. This paper describes a part of a new method for assessing the level of enterprise information security expresses the credibility of the results in terms of confidence levels and make use of an estimation of the cost of searching for security evidence. Such methods for predicting information search cost of assessments are detailed in the paper. Search cost predictions are used for providing guidance on how to minimize the effort spent on performing enterprise information security assessments. The conclusions are based on a security assessment performed at a large European energy company and a statistical survey among Swedish security experts.
|
|
| 33. |
- Bergström, Erik, 1976-, et al.
(författare)
-
Revisiting information security risk management challenges : a practice perspective
- 2019
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 27:3, s. 358-372
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose – The study aims to revisit six previously defined challenges in information security risk management to provide insights into new challenges based on current practices.Design/methodology/approach – The study is based on an empirical study consisting of in-depth interviews with representatives from public sector organisations. The data were analysed by applying a practice-based view, i.e. the lens of knowing (or knowings). The results were validated by an expert panel.Findings – Managerial and organisational concerns that go beyond a technical perspective have been . found, which affect the ongoing social build-up of knowledge in everyday information security work.Research limitations/implications – The study has delimitation as it consists of data from four public sector organisations, i.e. statistical analyses have not been in focus, while implying a better understanding of what and why certain actions are practised in their security work.Practical implications – The new challenges that have been identified offer a refined set of actionable advice to practitioners, which, for example, can support cost-efficient decisions and avoid unnecessary security trade-offs.Originality/value – Information security is increasingly relevant for organisations, yet little is still known about how related risks are handled in practice. Recent studies have indicated a gap between the espoused and the actual actions. Insights from actual, situated enactment of practice can advise on process adaption and suggest more fit approaches.
|
|
| 34. |
- Holgersson, Jesper, et al.
(författare)
-
Information security patterns for web services
- 2006
-
Ingår i: Interoperability for enterprise software and applications. - London : ISTE. - 1905209614 - 9781905209613 ; , s. 133-144
-
Konferensbidrag (refereegranskat)abstract
- Web Services (WS), a currently popular subject among application developers, IT architects, and researchers, can be defined as a technology for publishing, identifying and calling services in a network of interacting computer nodes. The purpose of this paper is to illustrate the benefits of using patterns as a means of managing knowledge concerning security in the context of Web Services. We draw upon experiences from an industrial project in which a pattern catalogue for Web Services was created. The pattern catalogue consists of 29 patterns, which are generic solutions for service-based development and service-oriented architectures. In particular, Web Services are in focus as the enabling technique.
|
|
| 35. |
- Åhlfeldt, Rose-Mharie, 1960-, et al.
(författare)
-
Current Situation Analysis of Information Security Level in Municipalities
- 2018
-
Ingår i: Journal of Information System Security. - : The Information Institute. - 1551-0123 .- 1551-0808. ; 14:1, s. 3-19
-
Tidskriftsartikel (refereegranskat)abstract
- Municipalities manage a significant part of society's services, and hence they also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and municipalities’ supply and management of information are, therefore, critical for society in general, and also for achieving the municipalities’ own operational goals. However, research shows weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security.This paper presents the result from a GAP analysis mapping the current situation of Swedish municipalities' for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding the systematic security work is generally low, and that there is a need to implement adapted tools for Information Security Management Systems in order to support municipalities.
|
|
| 36. |
- Rocha Flores, Waldo, et al.
(författare)
-
Expert Opinions on Information Security Governance Factors : An Exploratory Study
- 2011
-
Ingår i: ECIS 2011 Proceedings.
-
Konferensbidrag (refereegranskat)abstract
- Information Security Governance (ISG) is an important discipline that addresses information security at a strategic level providing strategic direction, optimized use of information resources and proper security incident management. ISG and the impact of poor security incident management have attracted much attention in the literature but unfortunately there is little empirical evidence regarding the explicit link between ISG and its effectiveness in terms of reducing negative impacts on business objectives from security incidents. Consequently, little exploration of ISG factors and their impact on the above mentioned measure of effectiveness exists. Further, to direct endeavors the crucial question is if there exist any differences in how effective these factors are in attaining this target. Currently, there is a lack in research considering this question. The research presented in this article explores the ISG domain further by empirically examine 30 ISG factors and their ability of reducing negative impacts on business objectives from security incidents. Data has been collected by surveying ISG experts. Ten factors were identified to have significant different means in relation to other factors according to a one-way ANOVA analysis that was conducted. The results give an indication on what ISG factors that have an effect, providing both support for further academic research and also decision support for implementing ISG.
|
|
| 37. |
- Kolkowska, Ella, et al.
(författare)
-
Analyzing information security goals
- 2012. - 1
-
Ingår i: Threats, countermeasures and advances in applied information security. - : IGI Global. - 9781466609785 ; , s. 91-110
-
Bokkapitel (övrigt vetenskapligt/konstnärligt)abstract
- "This book addresses the fact that managing information security program while effectively managing risks has never been so critical, discussing issues such as emerging threats and countermeasures for effective management of information security in organizations"--Provided by publisher.
|
|
| 38. |
- Harnesk, Dan, et al.
(författare)
-
Materializing organizational information security
- 2012
-
Ingår i: Nordic Contributions in IS Research. - Berlin, Heidelberg : Encyclopedia of Global Archaeology/Springer Verlag. - 9783642322693 - 9783642322709 ; , s. 76-94
-
Konferensbidrag (refereegranskat)abstract
- In the context of situated elderly care this paper discusses the intertwined relationship between organizational security objectives, technology, and employees' security behavior. We use findings from a single case study to aid in our understanding of how managers sought to create a secure work environment by introducing behavioral security technology, and how employees appreciated the new security software in everyday routines. Theoretically the case study is informed by sociomateriality in that it employs the notion of technological affordances of behavioral security technology. Findings show that security technology material is an integral part of security management and security in use, and that both the technical actor and human actors contributed to cultivation of the information security practice in the elderly care center
|
|
| 39. |
- Ording, Lovisa Göransson, et al.
(författare)
-
The influence of inputs in the information security policy development : an institutional perspective
- 2022
-
Ingår i: Transforming Government. - : Emerald Group Publishing Limited. - 1750-6166 .- 1750-6174. ; 16:4, s. 418-435
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose: The purpose of this paper is to investigate what role literature-based inputs have on the information security policy (ISP) development in practice.Design/methodology/approach: A literature review is carried out to identify commonly used inputs for ISP development in theory firstly. Secondly, through the lens of institutional theory, an interpretive approach is adapted to study the influence of literature-based inputs in the ISP development in practice. Semi-structured interviews with senior experienced information security officers and managers from the public sector in Sweden are carried out for this research.Findings: According to the literature review, 10 inputs for ISP development have been identified. The results from the interviews indicate that the role inputs have on the ISP development serves as more than a rational tool, where organisational context, institutional pressures and the search for legitimacy play an important role.Research limitations/implications: From the institutional perspective, this study signifies the influence of inputs on ISP development can be derived from institutionalised rules or practices established by higher authorities; actions and practices that are perceived as successful and often used by other organisations; the beliefs of what is viewed as appropriate to meet the specific pressures from stakeholders.Practical implications: This research recommends five practical implications for practitioners working with the ISP development. These recommendations aim to create an understanding of how an ISP could be developed, considering more than the rational functionalist perspective.Originality/value: To the best of the authors' knowledge, it is the first of its kind in examining the role of literature-based inputs in ISP development in practice through the lens of institutional theory.
|
|
| 40. |
- Kolkowska, Ella, 1972-, et al.
(författare)
-
Organizational power and information security rule compliance
- 2013
-
Ingår i: Computers & security (Print). - : Elsevier BV. - 0167-4048 .- 1872-6208. ; 33, s. 3-11
-
Tidskriftsartikel (refereegranskat)abstract
- This paper analyzes power relationships and the resulting failure in complying with information security rules. It argues that an inability to understand the intricate power relationships in the design and implementation of information security rules leads to a lack of compliance with the intended policy. The argument is conducted through an empirical, qualitative case study set in a Swedish Social Services organization. Our findings indicate that various dimensions of power and how these relate to information security rules ensure adequate compliance. This also helps to improve configuration of security rules through proactive information security management.
|
|
