| 1. |
- Lundgren, Martin, et al.
(författare)
-
Security-related stress : A perspective on information security risk management
- 2019
-
Ingår i: 2019 International Conference on Cyber Security and Protection of Digital Services, Cyber Security 2019. - : IEEE. - 9781728102290 - 9781728102306
-
Konferensbidrag (refereegranskat)abstract
- In this study, the enactment of information security risk management by novice practitioners is studied by applying an analytical lens of security-related stress. Two organisations were targeted in the study using a case study approach to obtain data about their practices. The study identifies stressors and stress inhibitors in the ISRM process and the supporting ISRM tools and discusses the implications for practitioners. For example, a mismatch between security standards and how they are interpreted in practice has been identified. This mismatch was further found to be strengthened by the design of the used ISRM tools. Those design shortcomings hamper agility since they may enforce a specific workflow or may restrict documentation. The study concludes that security-related stress can provide additional insight into security-novice practitioners' ISRM challenges.
|
|
| 2. |
- Metalidou, Efthymia, et al.
(författare)
-
The Human Factor of Information Security : Unintentional Damage Perspective
- 2014
-
Ingår i: Procedia - Social and Behavioral Sciences. - : Elsevier. ; , s. 424-428
-
Konferensbidrag (refereegranskat)abstract
- It is widely acknowledged that employees of an organization are often a weak link in the protection of its information assets. Information security has not been given enough attention in the literature in terms of the human factor effect; researchers have called for more examination in this area. Human factors play a significant role in computer security. In this paper, we focus on the relationship of the human factor on information security presenting the human weaknesses that may lead to unintentional harm to the organization and discuss how information security awareness can be a major tool in overcoming these weaknesses. A framework for a field research is also presented in order to identify the human factors and the major attacks that threat computer security.
|
|
| 3. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
ContextBased MicroTraining : A Framework for Information Security Training
- 2020
-
Ingår i: Human Aspects of Information Security and Assurance. - Cham : Springer. - 9783030574031 - 9783030574048 ; , s. 71-81
-
Konferensbidrag (refereegranskat)abstract
- This paper address the emergent need for training measures designed to improve user behavior in regards to security. We do this by proposing a framework for information security training that has been developed for several years and over several projects. The result is the framework ContextBased MicroTraining (CBMT) which provides goals and guidelines for how to better implement information security training that supports the user in the situation where the user needs support. CBMT has been developed and tested for use in higher education as well as for the support of users during passwords creation. This paper presents version 1.0 of the framework with the latest renements.
|
|
| 4. |
|
|
| 5. |
- Iqbal, Sarfraz, et al.
(författare)
-
Towards a design theory for educational on-line information security laboratories
- 2012
-
Ingår i: Advances in Web-Based Learning - ICWL 2012. - Heidelberg : Encyclopedia of Global Archaeology/Springer Verlag. - 9783642336416 - 9783642336423 ; , s. 295-306
-
Konferensbidrag (refereegranskat)abstract
- Online learning for educating information security professionals has increased in popularity. The security curriculum and technology, as well as hands-on laboratory experiences implemented in information security labs, are important elements in an online education system for information security. We drew our motivation from an on-going information security lab development initiative in our own institution, and this paper aims to provide an integrated overview on reported instances of online hands-on education in information security. Our review contributes to the existing knowledge by using the anatomy of design theory framework as a basis for literature analysis, as this provides a common basis to examine theories about human-created information technology artifacts such as information security labs and how such knowledge has been communicated to academia. Our results show that none of the articles studied here puts forward a well-grounded and tested design theory for on-line information security laboratories. This hinders accumulation of knowledge in this area and makes it difficult for others to observe, test and adapt clear design principles for security laboratories and exercises.
|
|
| 6. |
- Kowalski, Stewart, et al.
(författare)
-
Information Security Metrics: Research Directions
- 2011
-
Konferensbidrag (refereegranskat)abstract
- This paper is largely based on a state of the art report covering the information security (IS) metrics area produced as part of the Controlled Information Security (COINS) research project funded by the Swedish Civil Contingencies Agency (MSB) and the comprehensive literature review conducted while compiling the report. The report's findings are summarized and some of the key issues discovered in the course of the literature review are reflected upon. Additionally, the paper describes a conceptual systemic scheme/model for the research process, while explaining its relevance to the subject area, that may help with resolution of the outlined issues in future research in the area. The paper is written principally with a management/governance (rather than engineering) perspective in mind
|
|
| 7. |
- Åhlfeldt, Rose-Mharie
(författare)
-
Information Security in Home Healthcare : A Case Study
- 2002
-
Ingår i: Conference Proceedings of AiCE2002, Sydney, September 30th, 2002: Third Australian Institute of Computer Ethics Conference. - Geelong : School of Information Technology, Deakin University. - 0730025608 ; , s. 6-15
-
Konferensbidrag (refereegranskat)
|
|
| 8. |
- Kajtazi, Miranda, 1983-, et al.
(författare)
-
Information Security Policy Compliance : An Empirical Study on Escalation of Commitment
- 2013
-
Ingår i: 19th Americas Conference on Information Systems (AMCIS 2013). - Red Hook, N.Y. : Curran Associates, Inc.. - 9781629933948 ; , s. 2011-2020
-
Konferensbidrag (refereegranskat)abstract
- This study aims to facilitate a new understanding on employees’ attitude towards compliance with the requirements of their information security policy (ISPs) through the lens of escalation. Escalation presents a situation in which employees must decide whether to persist in or withdraw from a non-performing task. Drawing on the Theory of Planned Behavior (TPB) and Agency Theory, our model delineates three mediating factors in explaining attitude: work impediment, information asymmetry, and safety of resources. We also propose information security awareness as an independent variable having an indirect effect on attitude through mediating factors. The proposed model is tested using the data collected from 376 employees working in the banking industry. The results of the PLS analyses show that while information asymmetry and safety of resources have significant impacts on attitude, work impediment does not. The results also show that ISA has significant impact on all three mediating factors.
|
|
| 9. |
- Johansson, Erik, et al.
(författare)
-
Assessment of Enterprise Information Security : The Importance of Prioritization
- 2005
-
Ingår i: Ninth IEEE International EDOC Enterprise Computing Conference, Proceedings. - 0769524419 ; , s. 207-218
-
Konferensbidrag (refereegranskat)abstract
- Assessing the level of information, security in an enterprise is a serious challenge for many organizations. This paper considers the prioritization of the field of enterprise information security. The paper thus considers how we may know what parts Of information security are important for a company to address and what parts are not. Two methods for prioritization are used. The results demonstrate to what extent different standards committees, guideline authors and expert groups differ in their opinions on what the important issues are in enterprise information security. The ISOJEC 17799, the NIST SP 800-26, the ISF standards committees, the CMU/SEI OCTAVE framework authors and an expert panel at the Swedish Information Processing Society (DFS) are considered. The differences in prioritization have important consequences on enterprise information security assessments. The effects on the information security assessment results in a European energy company are presented in the paper.
|
|
| 10. |
- Holgersson, Jesper, et al.
(författare)
-
Information security patterns for web services
- 2006
-
Ingår i: Interoperability for enterprise software and applications. - London : ISTE. - 1905209614 - 9781905209613 ; , s. 133-144
-
Konferensbidrag (refereegranskat)abstract
- Web Services (WS), a currently popular subject among application developers, IT architects, and researchers, can be defined as a technology for publishing, identifying and calling services in a network of interacting computer nodes. The purpose of this paper is to illustrate the benefits of using patterns as a means of managing knowledge concerning security in the context of Web Services. We draw upon experiences from an industrial project in which a pattern catalogue for Web Services was created. The pattern catalogue consists of 29 patterns, which are generic solutions for service-based development and service-oriented architectures. In particular, Web Services are in focus as the enabling technique.
|
|
