WFRF:(Padyab Ali)
Sökning: WFRF:(Padyab Ali) > From rationale to l...
From rationale to lessons learned in the cloud information security risk assessment : a study of organizations in Sweden
-
- Faizi, Ana (författare)
- Luleå tekniska universitet,Datavetenskap,Department of Computer Science, Information Systems, Luleå University of Technology, Sweden
-
- Padyab, Ali (författare)
- Högskolan i Skövde,Institutionen för informationsteknologi,Forskningsmiljön Informationsteknologi,Information Systems,School of Informatics, University of Skövde, Skövde, Sweden
-
- Naess, Andreas (författare)
- Högskolan i Skövde,Institutionen för informationsteknologi,School of Informatics, University of Skövde, Skövde, Sweden
- (creator_code:org_t)
- Emerald Group Publishing Limited, 2022
- 2022
- Engelska.
- Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 30:2, s. 190-205
- Tidskriftsartikel (refereegranskat)
Abstract
Ämnesord
Stäng
- Purpose:This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.Design/methodology/approach:Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices.Findings:The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services.Originality/value:As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.
Ämnesord
- NATURVETENSKAP -- Data- och informationsvetenskap -- Systemvetenskap, informationssystem och informatik (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Information Systems (hsv//eng)
- SAMHÄLLSVETENSKAP -- Medie- och kommunikationsvetenskap -- Systemvetenskap, informationssystem och informatik med samhällsvetenskaplig inriktning (hsv//swe)
- SOCIAL SCIENCES -- Media and Communications -- Information Systems, Social aspects (hsv//eng)
Nyckelord
- Cloud computing
- Practice
- Impact
- Rationale
- Information security risk assessment
- Lesson learned
- Information Systems
- Informationssystem (IS)
Publikations- och innehållstyp
- ref (ämneskategori)
- art (ämneskategori)
Hitta via bibliotek
- Information and Computer Security (Sök värdpublikationen i LIBRIS)
Till lärosätets databas
Hitta mer i SwePub
- Av författaren/redakt...
- Faizi, Ana
- Padyab, Ali
- Naess, Andreas
- Om ämnet
-
- NATURVETENSKAP
- NATURVETENSKAP
- och Data och informa ...
- och Systemvetenskap ...
-
- SAMHÄLLSVETENSKAP
- SAMHÄLLSVETENSKA ...
- och Medie och kommun ...
- och Systemvetenskap ...
- Artiklar i publikationen
- Information and ...
- Av lärosätet
- Högskolan i Skövde
- Luleå tekniska universitet
Sök utanför SwePub
- Sök vidare i:
- Google Book Search
- Google Scholar
Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.
- Copyright © LIBRIS - Nationella bibliotekssystem
- LIBRIS.kb.se
