Addressing Dynamic Issues in Information Security Management

• Ett ramverk för behandling av osäkerhet inom ledningssystem för informationssäkerhet presenteras. Ramverket baseras på teorier från corporate finance. En fallstudie visar hur ramverket kan appliceras.

• The paper addresses three main problems resulting from uncertainty in information security management: i)dynamically changing security requirements of an organization ii) externalities caused by a security system and iii)obsolete evaluation of security concerns. A framework based on options reasoning borrowed from corporate finance is proposed and adapted to evaluation of security architecture and decision-making for handling these issues at organizational level. The adaptation as methodology is demonstrated by a large case study validating its efficacy.

Subject headings

NATURVETENSKAP  -- Data- och informationsvetenskap -- Systemvetenskap, informationssystem och informatik (hsv//swe)

NATURAL SCIENCES  -- Computer and Information Sciences -- Information Systems (hsv//eng)

NATURVETENSKAP  -- Data- och informationsvetenskap (hsv//swe)

NATURAL SCIENCES  -- Computer and Information Sciences (hsv//eng)

Keyword

Dynamic Security Requirement Management

IT Security Externalities

Re-evaluation of IT Products

ITsäkerhetskrav

evaluering av ITsäkerhet

Computer and Systems Sciences

data- och systemvetenskap

Information technology

Publication and Content Type

ref (subject category)

art (subject category)