SwePub
Sök i SwePub databas

  Utökad sökning

Träfflista för sökning ""information security" ;lar1:(miun)"

Utökad sökning > "information security" > Mittuniversitetet

  • Resultat 1-10 av 13
Sortera/gruppera träfflistan
   
NumreringReferensOmslagsbildHitta
1.
  • Åkerlund, Agnes, et al. (författare)
  • Integration of Data Envelopment Analysis in Business Process Models : A novel approach to measure information security
  • 2020
  • Ingår i: Proceedings of the 6th International Conference on Information Systems Security and Privacy (ICISSP). - : SciTePress. - 9789897583995 ; , s. 281-288
  • Konferensbidrag (refereegranskat)abstract
    • This article explores the question of how to measure information security. Organisational information security is difficult to evaluate in this complex area because it includes numerous factors. The human factor has been acknowledged as one of the most challenging factors to consider in the field of information security. This study models the application of data envelopment analysis to business processes in order to facilitate the evaluation of information security that includes human factors. In addition to the model, this study demonstrates that data envelopment analysis provides an efficiency measure to assess the information security level of a business process. The novel approach that is proposed in this paper is exemplified with the aid of three fictive processes. The Business Process Model and Notation has been used to map the processes because it facilitates the visualisation of human interactions in processes and the form of the processed information. The combination of data envelopment analysis with process modelling and analyses of process deficiencies and threats to information security enables the evaluation of information security to include human factors in the analyses. Moreover, it provides a measure to benchmark information security in organisational processes.
  •  
2.
  • Nyman, Maja, et al. (författare)
  • Are You Ready When It Counts? : IT Consulting Firm’s Information Security Incident Management
  • 2019
  • Ingår i: Proceedings of the 5th International Conference on Information Systems Security and Privacy (ICISSP). - : SciTePress. - 9789897583599 ; , s. 26-37
  • Konferensbidrag (refereegranskat)abstract
    • Information security incidents are increasing both in number and in scope. In consequence, the General Data Protection Regulation and the Directive on security of network and information systems force organisations to report such incidents to a supervision authority. Due to the growing of both the importance of managing incidents and the tendency to outsourcing, this study focuses on IT-consulting firms and highlights their vulnerable position as subcontractors. This study thereby addresses the lack of empirical research on incident management and contributes valuable insights in IT-consulting firms’ experiences with information security incident management. Evidence from interviews and a survey with experts at IT-consulting firms focuses on challenges in managing information security incidents. The analyses identify and clarify both new and known challenges, such as how the recent regulations affect the role of an IT-consulting firm and how the absence of major incidents influences stakeholder awareness. Improvements of IT-consulting firm’s incident management process need to address internal and external communication, the information security awareness of employees and customers and the adequacy of the cost focus.
  •  
3.
  • Große, Christine, Fil.Lic, 1974-, et al. (författare)
  • Information Technology Consulting Firms’ Readiness for Managing Information Security Incidents
  • 2020
  • Ingår i: Information Systems Security and Privacy. - Cham : Springer Publishing Company. - 9783030494421 - 9783030494438 ; , s. 48-73
  • Bokkapitel (refereegranskat)abstract
    • Because of the increase in the number and scope of information security incidents, proper management has recently gained importance for public and private organizations. Further challenges in this area have resulted from new regulations, such as the General Data Protection Regulation (GDPR) and the Directive on Security of Network and Information Systems (NIS), as well as a tendency to outsource vital services to subcontractors. This study addresses the lack of empirical studies in the field and focuses on information security incident management at information technology (IT) consulting firms.Specifically, it examines challenges due to their exposed position and newregulations. The contribution of the paper is twofold. First, it provides valuable insight into the experiences and challenges of Swedish IT consulting firms.Second, it proposes criteria for classifying an information security incident that can equip decision-makers with a solid and assessable basis for incident management. The results emphasize further improvements in employee awareness, incident classification, and systemic governance, thereby integrating corporate policy making, information security incident management, and information system leadership.
  •  
4.
  •  
5.
  • Große, Christine, Fil.Lic, 1974-, et al. (författare)
  • Blackout Ahead : Methodological Concerns in Studies of Critical Infrastructure Protection
  • 2019
  • Ingår i: Proceedings of the 29<sup>th</sup> European Safety and Reliability Conference(ESREL). - Singapore : European Safety and Reliability Association. - 9789811127243 ; , s. 1715-1723
  • Konferensbidrag (refereegranskat)abstract
    • This paper highlights difficulties in studying the Swedish crisis management system with a specific focus on the planning process STYREL. This process seeks to identify and prioritize vital objects in the category of critical infrastructure (CI) in order to elaborate an emergency response plan for the case of a power shortage. The concerns in this paper originate from a research project on how actors assess CI and cooperate during the process as well as which consequences the prioritization of CI pose for society and its citizens. The project employed material from document studies in addition to interviews with security officers at municipalities, coordinators at CountyAdministrative Boards (CABs), and representatives from power grid operators (PGOs). Furthermore, a survey was conducted among all CABs and the ten PGOs that are responsible for effectuating the plan within the initial phaseof a power shortage. The results reveal problems regarding the availability of relevant planning material, gaps in knowledge due to deficient continuity, difficulties in tracing particular objects during the process, and a lack of feedback that hampers evaluation and development. Thus, Swedish critical infrastructure protection (CIP) suffers from not only a shift in responsibility to regional and local actors but also a severe lack of systemic governance.
  •  
6.
  • Große, Christine, Fil.Dr, 1974-, et al. (författare)
  • Left in the Dark : Obstacles to Studying and Performing Critical Infrastructure Protection
  • 2021
  • Ingår i: Electronic Journal of Business Research Methods. - : Academic Conferences International Limited. - 1477-7029. ; 19:2
  • Tidskriftsartikel (refereegranskat)abstract
    • This paper highlights major methodological obstacles to studying and performing critical infrastructure protection (CIP) in general and CIP governance in particular. The study simultaneously examines a research project on and practice in the context of Swedish CIP. The complex planning approach of interest is called Styrel, a Swedish acronym for Steering Electricity to prioritised power consumers. It aims to identify and prioritise power consumers of societal importance, collectively referred to as critical infrastructure (CI), to provide an emergency response plan for the event of a national power shortage. Methodologically, the investigation uses material from document studies, interviews and a survey, which involved many actors from the Swedish case. For the analysis of the methodological obstacles, this study applies an abstracted research and development process that encompasses four steps: data collection, data assessment, decision-making and evaluation. The paper mutually maps the insights from the research project to the empirical evidence from the case study. Through this reflective analysis, the findings contribute to a deeper understanding of the challenges that significantly impede research and practice in the context of national and international CIP, for example, insufficient information sharing and knowledge exchange among parties, a lack of integrated and advanced methods, and uncertainty in policies that induces a variety of local approaches. In addition, since empirical research on implemented CIP plans is limited, this paper addresses this gap. It reveals five general obstacles for both research and practice: a) the access to high-quality data, b) the loss of knowledge over time, c) the interpretation and evaluation of processes and methods, d) the transferability and comparability of data, results and insights; whereas all culminate in 5) a lack of collective intelligence. The accumulation of these obstacles hinders a detailed assessment of decision-making for CIP and its consequences on society. For this reason, this study emphasises the need for enhancing mutual understanding among the various parties in the area of CIP while respecting relevant security issues when inventing novel methods that facilitate collective intelligence.
  •  
7.
  • Lakhan, Abdullah, et al. (författare)
  • Cost-Efficient Service Selection and Execution and Blockchain-Enabled Serverless Network for Internet of Medical Things
  • 2021
  • Ingår i: Mathematical Biosciences and Engineering. - : American Institute of Mathematical Sciences (AIMS). - 1547-1063 .- 1551-0018. ; 18:6, s. 7344-7362
  • Tidskriftsartikel (refereegranskat)abstract
    • These days, healthcare applications on the Internet of Medical Things (IoMT) network have been growing to deal with different diseases via different sensors. These healthcare sensors are connecting to the various healthcare fog servers. The hospitals are geographically distributed and offer different services to the patients from any ubiquitous network. However, due to the full offloading of data to the insecure servers, two main challenges exist in the IoMT network. (i) Data security of workflows healthcare applications between different fog healthcare nodes. (ii) The cost-efficient and QoS efficient scheduling of healthcare applications in the IoMT system. This paper devises the Cost-Efficient Service Selection and Execution and Blockchain-Enabled Serverless Network for Internet of Medical Things system. The goal is to choose cost-efficient services and schedule all tasks based on their QoS and minimum execution cost. Simulation results show that the proposed outperform all existing schemes regarding data security, validation by 10%, and cost of application execution by 33% in IoMT.
  •  
8.
  • Huang, Xin, 1982-, et al. (författare)
  • Sensor Aided Authentication
  • 2010
  • Ingår i: Communications in Computer and Information Science Volume 76 CCIS, 2010. - Berlin, Heidelberg : Springer. - 3642133649 - 9783642133640 ; , s. 265-277
  • Konferensbidrag (refereegranskat)abstract
    • The sharing of sensor data globally becomes possible by the development of wireless sensor network, cloud computing, and other related technologies. These new trends can also benefit information security. In this paper, the sensor data is involved in the authentication procedure which is one main component of security systems. Sensor aided password is proposed. In addition, the architecture for sensor aided authentication corresponding to the simple authentication scenario is also designed. Sensor data aided password generation and utilization bring convenience to users without weakening the password strength.
  •  
9.
  • Große, Christine, Fil.Dr, 1974-, et al. (författare)
  • Information-flawing Filters in Critical Infrastructure Protection : The deficient Information Basis in a Swedish Approach
  • 2023
  • Ingår i: International Journal of Critical Infrastructures. - 1475-3219 .- 1741-8038. ; 19:1
  • Tidskriftsartikel (refereegranskat)abstract
    • Various societal functions, such as healthcare, freight transports, water supplies and electricity, ensure the daily life, endurance and progress of modern societies. The protection of such critical functions requires comprehensive information processing. Based on evidence from documents on the Swedish planning process STYREL and interviews with entrusted decisionmakers at county administrative boards, municipalities and power grid operators, this study aims to crystallise information pathways and flaws to highlight information filtration and alteration. Analyses of the material reveal a set of information-flawing filters, such as information withholding or loss when sharing, information scarcity in criticality assessments and ad-hoc information creation due to scarcity. Because of these filters, the Swedish process causes an altering of information that affects the quality of decisions and the emergency response plan that relies on them. Thus, this study indicates deficiencies that relate to information sharing, information security and decision-making that pose risks to citizens and businesses.
  •  
10.
  • Große, Christine, Fil.Dr, 1974- (författare)
  • Enhanced Information Management in Inter-organisational Planning for Critical Infrastructure Protection : Case and Framework
  • 2021
  • Ingår i: Proceedings of the 7th International Conference on Information Systems Security and Privacy (ICISSP). - : SciTePress. - 9789897584916 ; , s. 319-330
  • Konferensbidrag (refereegranskat)abstract
    • This paper develops an analytical framework to assess information in planning for critical infrastructureprotection (CIP). Critical infrastructure concerns various societal functions that ensure the daily life,endurance and progress of societies. Thus, CIP involves a considerable number of actors in a multi-levelplanning that relies on inter-organisational information sharing. Based on a Swedish case of CIP, this studyaims to foster information assessment and management that bridge the inherent conflicts between informationsharing and information security in CIP. Analyses of the information alongside the Swedish STYREL processfirst exemplify crucial deficiencies in the inter-organisational, national emergency response planning and thenspecify a set of dimensions and attributes as baseline for assessing information and information processing inCIP. Four stages in the Swedish approach cause a filtering and altering of information that affect the qualityof decisions alongside the process and the emergency response plan that relies on them. By assessing theinformation basis in this large-scale approach, the paper contributes evidence-based foundations forinformation management in inter-organisational settings, such as the multi-level planning for CIP.
  •  
Skapa referenser, mejla, bekava och länka
  • Resultat 1-10 av 13

Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.

 
pil uppåt Stäng

Kopiera och spara länken för att återkomma till aktuell vy