Sökning: onr:"swepub:oai:DiVA.org:his-23312" >
“Check, Check, Chec...
“Check, Check, Check, We Got Those” – Catalogue Use in Information Security Risk Management
-
- Bergström, Erik, 1976- (författare)
- Jönköping University,JTH, Avdelningen för datateknik och informatik,School of Engineering, Department of Computer Science and Informatics, Jönköping University, Sweden
-
- Lundgren, Martin (författare)
- Högskolan i Skövde,Institutionen för informationsteknologi,Forskningsmiljön Informationsteknologi,Information Systems,School of Informatics, University of Skövde, Skövde, Sweden
-
- Bernsmed, Karin (författare)
- SINTEF Digital, Trondheim, Norway
-
visa fler...
-
- Bour, Guillaume (författare)
- SINTEF Digital, Trondheim, Norway
-
visa färre...
-
(creator_code:org_t)
- Cham : Springer, 2023
- 2023
- Engelska.
-
Ingår i: Human Aspects of Information Security and Assurance. - Cham : Springer. - 9783031385292 - 9783031385322 - 9783031385308 ; , s. 181-191
- Relaterad länk:
-
https://urn.kb.se/re...
-
visa fler...
-
https://doi.org/10.1...
-
https://urn.kb.se/re...
-
visa färre...
Abstract
Ämnesord
Stäng
- Information Security Risk Management (ISRM) is fundamental in most organisations today. The literature describes ISRM as a complex activity, and one way of addressing this is to enable knowledge reuse in the shape of catalogues. Catalogues in the ISRM domain can contain lists of, e.g. assets, threats and security controls. In this paper, we focus on three aspects of catalogue use. Why we need catalogues, how catalogue granularity is perceived, and how catalogues help novices in practice. As catalogue use is not yet a widespread practice in the ISRM, we have selected a domain where catalogues are a part of the ISRM work. In this case, the Air Traffic Management (ATM) domain uses a methodology that includes catalogues and is built on ISO/IEC 27005. The results are based on data collected from 19 interviews with ATM professionals that are either experts or novices in ISRM. With this paper, we nuance the view on what catalogues can contribute with. For example, consistency, coherency, a starting point and new viewpoints. At the same time, we identify the need to inform about the aim of the catalogues and the limitations that come with catalogue use in order to leverage the use – especially from a novice perspective. © 2023, IFIP International Federation for Information Processing.
Ämnesord
- SAMHÄLLSVETENSKAP -- Medie- och kommunikationsvetenskap -- Systemvetenskap, informationssystem och informatik med samhällsvetenskaplig inriktning (hsv//swe)
- SOCIAL SCIENCES -- Media and Communications -- Information Systems, Social aspects (hsv//eng)
- NATURVETENSKAP -- Data- och informationsvetenskap -- Systemvetenskap, informationssystem och informatik (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Information Systems (hsv//eng)
- NATURVETENSKAP -- Data- och informationsvetenskap (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences (hsv//eng)
Nyckelord
- Catalogues
- Information Security Risk Management
- Risk management practice
- Information Systems
- Informationssystem (IS)
Publikations- och innehållstyp
- ref (ämneskategori)
- kon (ämneskategori)
Hitta via bibliotek
Till lärosätets databas