| 1. |
- Hallberg, Jonas, et al.
(författare)
-
Controlled Information Security: How to recognize and improve organizational information security status
- 2010
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- This report is a compilation of the first three main reports of the COINS project (Yngström et al., 2009a, Yngström et al., 2009b, Hallberg & Lundholm 2009). The COntrolled INformation Security (COINS) research project was established to address the needs of understanding, learning and eventually managing information security (IS) in organizations. It has proved to be difficult for organizations, including government agencies, to reach adequate information security levels, as illustrated by a report from the Swedish national audit office published in 2007 (RiR, Swedish National Audit Office 2007). Despite much research and work conducted within the area, auditing and assessments frequently find inadequacies in how practical IS is handled, and, as it seems, there are frequent discrepancies in how IS is perceived by humans and what degree of IS that is actually performed. The three first reports of COINS present in detail the design, modeling and test of six constructs – frameworks and models – for assessing IS. The different constructs compute and discuss the metrics provided in three different ways. This report targets mainly the participants at the agency at which the tests of IS metrics were conducted. The concept of a IS metric is interpreted widely following the definition from Hallberg et al. (2004): “A security metric contains three main parts: a magnitude, a scale and an interpretation. The security values of systems are measured according to a specified magnitude and related to a scale. The interpretation prescribes the meaning of obtained security values”, and aims at the formulation of viable IS metrics. Therefore this report is also an input to a validation test of the practical results obtained, while the theoretical validation rests with the reasoning presented in the two first reports. The approach taken differs from the ordinary 27000-standard based analyses in that the idealized communication structure starts from demands of an information system in total, and views communication as equal to steering and control. Thereby, both the social and the technical layers in communication are included as are the strategic, tactic and operational decision levels and their equivalent life cycle stages. Metrics focusing the control system underline that complex information systems necessarily must handle existing variety including its IS. Some of the findings, which still have to be verified by the agency, are: 1. the relative focus for the agency’s documentation correlates rather well with the relative focus of the controls specified in appendix A of the standard ISO/IEC 27001, 2. the agency seems partly to fulfill the security policy, which it has defined itself, 3. the agency tend to focus on operative matters and on acting when something has happened, rather than emphasize planning and developing and carrying out proactive information security work. A general observation of all COINS’ constructs, on which metrics in the report are based, is that the standard may not explicitly identify senders respectively receivers of messages. This is illustrated by the metrics connected to ISO/IEC appendix A, which show that most of the controls listed (76%) do not have an entity assigned to it. Apart from COINS’ work with metrics being verified by the participating agency, future work involves developing a faster and eventually also recursive method for analyzing and extracting interesting data for metrics use, as well as providing more transparent views on the models. The research is planned to continue for one further year.
|
|
| 2. |
|
|
| 3. |
- Karlsson, Gunnar, Professor, et al.
(författare)
-
Agile Education Imagined : A report from the Cybercampus workshop onAgile Education
- 2023
-
Rapport (populärvet., debatt m.m.)abstract
- Cybercampus Sweden is a national initiative to provide education, research, innovation and advice in cybersecurity and cyber-defense. This brochure addresses needs for cybersecurity training and education. The contents are fictitious courses created from the outcomes of a planning workshop on agile education, conducted by the planning project for Cybercampus Sweden, held on October 17, 2022.
|
|
| 4. |
- Åhlfeldt, Rose-Mharie, et al.
(författare)
-
Kompetensbehov och kompetensförsörjning inom informationssäkerhet från ett samhällsperspektiv
- 2015
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- På uppdrag av Myndigheten för samhällsskydd och beredskap (MSB) har en studie genomförts med syftet att komplettera resultatet från en tidigare genomförd förstudie (Åhlfeldt m.fl., 2014) med en analys av kompetensförsörjning och kompetensbehov på informationssäkerhetsområdet från ett samhällsperspektiv. Arbetet har genomförts av forskare från två lärosäten, Högskolan i Skövde och Karlstad Universitet, samt inom tre forskningsdiscipliner: pedagogik, informationssäkerhet och företagsekonomi.Uppdraget har varit att besvara följande frågeställningar:Vilka är kompetensbehoven för att ha en god och balanserad informationssäkerhet som bidrar till samhällets informationssäkerhet?Samtida kompetensbehov (nuläget)Framtida kompetensbehovHur ska nödvändig kompetens erhållas och på vem ligger ansvaret?Utifrån ovanstående frågeställningar, vilka är de viktigaste framgångsfaktorerna?Arbetet har genomförts i form av fokusgrupper med representanter från myndigheter och företag som har en nära verksamhetskoppling till samhällets informationssäkerhet och som är viktiga för att samhällets informationssäkerhet ska fungera.Resultatet visar att det finns stora brister avseende informationssäkerhetskompetens på alla nivåer i samhället. Tre tydliga områden pekas ut 1) nationellt - ökat behov av starkare styrning och ledning samt kravställning 2) organisation - ökat behov av kompetens från ledning till medarbetare men med starkt fokus på kompetenshöjande åtgärder på ledningsnivå samt vid upphandling och 3) medborgarperspektivet där framförallt skolområdet lyfts fram som ett viktigt insatsområde för kompetenshöjande åtgärder.För att uppnå nödvändig kompetens krävs utbildningsinsatser på alla ovan angivna områden. Dels utbildningar på akademisk nivå för informationssäkerhetsexperter men även övriga utbildningar inom t ex juridik och ekonomi. Även yrkesverksamma på organisationsnivå behöver riktade kompetenshöjande åtgärder som sätter informationssäkerhet i fokus utifrån organisationens verksamhetsbehov, allt ifrån ledningsnivå till medarbetarnivå.Resultatet visar även att ansvaret för samhällets kompetensförsörjning för informationssäkerhet ligger även den på alla ovan nämnda tre områden men med tydlig betoning på nationell nivå. Här betonas behovet av nationella krav för att medvetandegöra och lyfta informationssäkerheten i samhällsviktig verksamhet för att nå så många medborgare som möjligt. Förslag på framtida arbete avseende utveckling av metoder för framtida studier av kompetensförsörjningen pekar främst på metoder för att angripa bristen på helhetssyn samt kompetensförsörjning för management och medborgare.
|
|
| 5. |
|
|
| 6. |
- Ingemarsson, Ingemar
(författare)
-
Encryption in Data Networks with Application to Teletex
- 1978
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- TELETEX is a new international telecommunication service for text communication between terminals capable of data storage and possibly integrated in a information processing system, [l]. The new service is intended to fill the same needs as does business mail. With regard to information security this means that the information handled by the TELETEX system shall not be unintentionally changed or destroyed or lost to an unintended receiver. Measures to prevent this are called information protection. (We prefer to use the terms information security and information protection rather than data security and data protection. The reason is that "data " in the sense of a string of symbol s may be lost without revealing the information represented by the data. This is for example the case when the data consists of encrypted information).One of the most efficient methods for information protection is to use encryption. This means that the information is transmitted using a ''language" which i s not understood by is efficiently protected against loss and in most cases also against undetected change. Cryptological methods can also be used to detect information destruction. In Section 2 of this report we discuss the basic problems involved with the use of encryption in data networks in general.In a separate report we discuss the possible threats to the information security in TELETEX. This leads to suggestions regarding suitable protection methods. Our standpoint is that TELETEX shall offer at least the same level of information security as does the established mail distribution system.
|
|
| 7. |
- Ingemarsson, Ingemar
(författare)
-
Encryption in Telefax
- 1978
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- Our standpoint is that the basic need for information security in TELETEX is provided by the data network used together with the possibility to encrypt the messages in the terminals, thereby protecting the messages from information loss. Means for detection of information destruction or change and f or verification at unencrypted data may then be provided for by the user of the TELETEX system.
|
|
| 8. |
- Östling, Alina, et al.
(författare)
-
Mobility Data Specification (MDS)
- 2023
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- In recent years, e-scooters have become increasingly common in cities around the world, and municipalities have been working with digital solutions to regulate and monitor their use. The Mobility Data Specification (MDS) is one such standard that many cities use to establish a digital infrastructure for electric scooters. MDS has helped cities with regulatory issues and created business opportunities for outside software developers. This report has particularly focused on business models and ecosystems, semantic interoperability, information security and privacy protection, and data ownership under MDS.
|
|
| 9. |
- Ding, Jianguo, 1968-, et al.
(författare)
-
Blockchain for Smart Grid Operations, Control and Management
- 2022
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- A comprehensive overview of blockchain-based smart grid management, control, and operation solutions. The report compares with related reviews and highlights the challenges in management, control, and operation for a blockchain-based smart grid, as well as future research directions in five categories: collaboration between actors, data analytics and management, control of network imbalances, decentralization of network management and operation, security and privacy.The report reviews how blockchain technology can potentially solve the challenges of decentralized solutions for future renewable energy systems. As a result, several applications of blockchain for renewable energy are discussed, such as electric vehicles, decentralized P2P energy transactions, carbon certification and trading, physical information security, energy transfer, Energy-to-X, and the Internet of Energy.A guideline for the implementation of blockchain to corresponding applications for future renewable energy is also presented in this report. This includes the different blockchain system architectures, the data flow from the power grid processed and recorded, the choice of the appropriate consensus, and the different blockchain frameworks.
|
|
| 10. |
- Jokela, Päivi, et al.
(författare)
-
att lära säkert : IT-säkerhet i Nätuniversitetets distansutbildningar
- 2005
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- The current higher education, both distance education and traditional campus courses,relies more and more on modern information and communication technologies (ICT).The use of computer systems and networks results in a wide range of security issues thatmust be dealt with in order to create a safe learning environment. In this work, we studythe security status within the Swedish Net University, where several universitiescollaborate in order to offer ICT supported higher education distance courses. The totalICT-security is defined as a combination of computer security and information security,and the focus in this work is on the information security. The four main components ofthe information security that are used in the study are: confidentiality, integrity,availability and accountability.The data gathering was made in two steps: first preliminary interviews then themain questionnaire. The interview respondents were a small number of students,teachers and ICT-experts at various universities, and the results of this preliminary studywere then used to complete the questionnaire. The main questionnaire was sent toapproximately 700 students, 100 lectures and 50 ICT-pedagogues. The answers wereanalysed both quantitatively and qualitatively. However, due to a relatively lowanswering rate, we must point out that the conclusions made are based on these limitedresults, and are therefore not necessarily generally applicable within the distanceeducation.The results show that both teachers and students involved in distance educationconsider that they have relatively good basic competence regarding the use of various ICT-resources. In addition, they consider that the computers and network connectionsthey are using have adequate technical standard. However, the respondents also expressa need for more information and training in various areas that are directly connected toinformation security issues. What is more, both students and teachers require thatadequate computer support is constantly available. Several respondents have notdeveloped procedures for backing up files in a regular basis. There seems also be someuncertainty concerning which measures should be taken in order to protect computersystem from viruses and also what should be done if the computer is infected. Manyteachers consider that the risk for cheating, especially for plagiarism, is greater in thedistance education than in campus courses. These teachers also spend more time toprevent this problem in distance courses, and may have special procedures in order todetect plagiarism.Even if several security issues are indicated, most of the respondents considerthat the general ICT-security in distance education has a relatively high standard. Thismay be a sign of some discrepancy between the users’ knowledge and their actualbehavior when they use the computer systems.
|
|
